rokwire / illinois-app

Source code repository of "Illinois" App - the official mobile app of the University of Illinois.
https://app.illinois.edu/
Apache License 2.0

[BUG] Groups: Students can see the Create Group button. When they create a group, they get an unhelpful error msg. #663

Closed joegrohens closed 2 years ago

joegrohens commented 3 years ago

Describe the bug

Students have the ability to try to create groups. When they do, they get an unhelpful error message.

Both Chia-Ching and Rebecca @rebeccaavgoust did this.

To Reproduce

  1. Browse > Groups > Tap Create Group
  2. Populate the Group info
  3. Tap Create Group button at the bottom.

Result: ERROR Failed to Create Group: Unknown Error Occurred


Expected behavior

I think, per @kpecknold , students should not be able to see the Create Groups button.

If they are able to see it, we should provide a notification before they try to use the button. ("Creating Groups is only available to Faculty and Staff.")

If we are going to let students try to create groups, then at least give them a decent error message so they don't keep trying. ("Creating Groups is only available to Faculty and Staff.")

Illinois v 2.6.14 on iOS

pmarkhennessy commented 3 years ago

@dobromirdobrev We should hide create if the user does not have the correct permission. If the error message is generic, then fix the spelling of unknown. If the error is specific, then fix the text as per Joe above. Even though hiding the ability to create a group will fix this, at some point we may enable it for other users, so it would be good to have the text correct.

dobromirdobrev commented 3 years ago

@joegrohens , @pmarkhennessy ,

This should be fixed now. These are the applied changes.

  1. User can create group if all of the below points are fulfilled:

     1.1 He/She has selected "Employee" in Personal information -> Who you are. This is equal to "Faculty" and "Staff"

     1.2 He/She is member of the shibboleth group urn:mace:uiuc.edu:urbana:authman:app-rokwire-service-policy-rokwire groups access.

If either one of these requirements is not fulfilled, then the user won't see the "Create" group button.

  1. The spelling of the generic message was fixed from "unknwon error occured" to "Unknown error occurred".

  2. The message for not authorized user is changed from "You do not have permission to perform this operation." to "Creating Groups is only available to Faculty and Staff."

  3. Fixed bug in error code handling in the client app for creating group.

Also please note one important thing:

Currently the check for creating group from 1.2 is made on the client and on the server. But there is no such check when user updates a group. User is allowed to update a group if he/she is admin of the updated group.

We have two questions:

Q1: Is this shibboleth group the correct one for creating group?

Q2: Do we have to apply the same logic for updating group?

Please check the fix with version 2.6.16 and let us know your comments.

joegrohens commented 3 years ago

Thank you for these fixes. We will test, and close the issue when verified.

Just for clarity about user role. Employees can be students too (student hourly employees, interns, and graduate teaching assistants, for example). I don't know if we have statistics about how many people select both Student and Employee as their user role, but it's probably common.

I understand that a student choosing Employee as their "Who Are You" would not give them permissions to create groups, because of the separate authman list.

But it is not correct that a self-selected Employee designation is equivalent to faculty or staff. (Also, I am not aware that we do any verification of whether a person is actually an employee or a student. Anyone can choose any user role that they like, as far as I can tell, and Rokwire will not check that.)

isaac-galvan commented 3 years ago

@joegrohens @dobromirdobrev Please make the visibility of the Create button based on membership of the Authman group only and not based on their self-selected role. All faculty and staff have been added to that Authman group right now, but we do plan to add some students to the Authman group for access in the very near future.

@joegrohens as we're wanting to give some students access to create groups (such as residence hall advisors and those participating in Living Learning Communities), the message "Creating Groups is only available to Faculty and Staff." will be outdated soon. Please consider another way to communicate that additional permissions are needed.

joegrohens commented 3 years ago

@isaac-galvan @pmarkhennessy @dobromirdobrev

Per Isaac's comment that students will have permission in some cases .... Could we change the error message back to?

You do not have permission to perform this operation.

dobromirdobrev commented 3 years ago

Hi @isaac-galvan , @joegrohens , @pmarkhennessy ,

  1. The visibility of "Create" button is based only on the membership of the Authman group: urn:mace:uiuc.edu:urbana:authman:app-rokwire-service-policy-rokwire groups access

  2. The error message is changed from:

Creating Groups is only available to Faculty and Staff.

back to:

You do not have permission to perform this operation.

This is done in version 2.6.17 and 3.0.0
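
The authorization rule the thread converges on, as an added example that is not part of the original thread and is not the project's own code: creation is decided only by verified membership of the Authman group, the self-selected role is ignored, and the server returns a distinct error so the client can tell a permission failure from a generic one. The `User` type, `ErrForbidden` and all function names are hypothetical; only the group URN and the two messages come from the thread.

```go
package main

import (
	"errors"
	"fmt"
)

// URN as quoted in the thread; every other name below is hypothetical.
const createGroupsURN = "urn:mace:uiuc.edu:urbana:authman:app-rokwire-service-policy-rokwire groups access"

var ErrForbidden = errors.New("forbidden")

type User struct {
	SelfRoles      []string // self-selected "Who you are"; unverified, ignored for authorization
	VerifiedGroups []string // memberships asserted by the identity provider
}

// CanCreateGroup drives both the Create button and the server-side check.
func CanCreateGroup(u User) bool {
	for _, g := range u.VerifiedGroups {
		if g == createGroupsURN {
			return true
		}
	}
	return false
}

// CreateGroup re-checks on the server, whatever the client displayed.
func CreateGroup(u User, title string) error {
	if !CanCreateGroup(u) {
		return fmt.Errorf("create group %q: %w", title, ErrForbidden)
	}
	return nil // persistence omitted
}

// UserMessage maps an error to the text shown in the app.
func UserMessage(err error) string {
	if err == nil {
		return ""
	}
	if errors.Is(err, ErrForbidden) {
		return "You do not have permission to perform this operation."
	}
	return "Unknown error occurred"
}

func main() {
	u := User{SelfRoles: []string{"Employee"}} // constructed sample: self-declared role, no group
	fmt.Println(UserMessage(CreateGroup(u, "Chess Club")))
}
```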

joegrohens commented 2 years ago

Students are now allowed to create groups, so the restriction has been removed.