Human Essentials is an inventory management system for diaper, incontinence, and period-supply banks. It supports them in distributing to partners, tracking inventory, and reporting stats and analytics.
We only link to the PartnerUser management page for bank admins, but in app/controllers/partner_users_controller.rb we don't re-assert that restriction. Add a bank-org admin check to this controller.
Things to consider
No response
Criteria for Completion
[ ] When logged in as a bank non-admin user, you should get a permission denied error when navigating to /partners/ID/users
Summary
We only link to the PartnerUser management page for bank admins, but in app/controllers/partner_users_controller.rb we don't re-assert that restriction. Add a bank-org admin check to this controller.
Things to consider
No response
Criteria for Completion