reliatec-gmbh / LibreClinica

LibreClinica is the community-driven successor of OpenClinica. It is an open source clinical trial software for Electronic Data Capture (EDC) and Clinical Data Management (CDM).
https://libreclinica.org
GNU Lesser General Public License v3.0

SOAP study listAllRequest does not report child study where user has site monitor access only #406

Closed toskrip closed 1 week ago

toskrip commented 1 week ago

Description: Noticed that for monitor users the SOAP call for listing all studies does not return the child study when there is no parent access to the study.

Requirements: User with enabled SOAP and monitor rights for site without permission for parent study.

Steps to follow:

  1. listAllRequest SOAP request

Expected result: Parent study listed in studies (correct even without extra parent study permission) and study sites with access listed in sites.

Actual result: Only parent study listed in studies and study sites not listed at all.

toskrip commented 1 week ago

After reviewing the code I noticed that UserAccountDAO.findStudyByUser gives a different answer for the same user when called from web (correct) compared to when called from ws (missing rights on study site).

Did some refactoring to clean up the code a bit, and in the end it turned out that terms.properties in ws is not properly synced with web, causing an issue specifically for the monitor role.
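The root cause reported above is two copies of terms.properties drifting apart between the web and ws modules. As an added example (not code from LibreClinica or from the commenter), a check like the following could run in CI to flag such drift. The property keys and values are constructed samples, and escape sequences are compared as written rather than decoded.

```python
import re

# Key ends at the first unescaped whitespace, '=' or ':'; the separator is optional.
_KV = re.compile(r"((?:\\.|[^\s:=\\])*)[ \t\f]*[:=]?[ \t\f]*(.*)", re.S)

def parse_properties(text):
    """Parse Java .properties text: comments, '='/':' separators, '\\' continuations."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.lstrip()
        pending = ""
        if not line or line[0] in "#!":
            continue  # blank line or comment
        # An odd number of trailing backslashes continues the logical line.
        if (len(line) - len(line.rstrip("\\"))) % 2 == 1:
            pending = line[:-1]
            continue
        key, value = _KV.match(line).groups()
        props[key] = value
    return props

def diff_properties(reference, candidate):
    """Report keys missing from, extra in, or changed in `candidate` vs `reference`."""
    ref, cand = parse_properties(reference), parse_properties(candidate)
    return {
        "missing": sorted(ref.keys() - cand.keys()),
        "extra": sorted(cand.keys() - ref.keys()),
        "changed": sorted(k for k in ref.keys() & cand.keys() if ref[k] != cand[k]),
    }

# Constructed samples, not the project's real terms.properties content.
WEB_TERMS = r"""# web copy (constructed)
role.director = Study Director
role.monitor = Monitor
role.site_monitor : Site Monitor
role.investigator = Investigator with a long \
    description
"""
WS_TERMS = r"""# ws copy (constructed)
role.director=Study Director
role.monitor = Data Monitor
role.investigator = Investigator with a long description
role.legacy = Legacy
"""

if __name__ == "__main__":
    drift = diff_properties(WEB_TERMS, WS_TERMS)
    print(drift)
    raise SystemExit(1 if any(drift.values()) else 0)
```

Run with the two real files read from disk in place of the samples; a non-zero exit fails the build when the copies diverge.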