scientist-softserv / palni-palci


Refine account settings page to limit options for non-super admins #841

Closed jillpe closed 10 months ago

jillpe commented 11 months ago

Summary

The Account Setting page has too many options for non-super admins, and Pals would like to limit their options.

Screenshots ![image](https://github.com/scientist-softserv/palni-palci/assets/84697174/3517fb7a-8888-4de9-a5e1-bf3c762c2f62)

Hide certain settings from non-superadmins on the Account settings dashboard page as prescribed by the client.

Acceptance Criteria

A non super admin user should NOT see the following fields:

Testing Instructions

Visit the options here, as a super admin and a non super admin.

super admin login: support@notch8.com => get password from 1Password
non super admin login: user@example.com => testing123

Expected Behavior Before Changes

screenshot (non superadmin user) ![image](https://github.com/scientist-softserv/palni-palci/assets/10081604/d0babdb3-8b6a-4c1a-9b70-c8b8bc25a02e)
screenshot (superadmin user) ![image](https://github.com/scientist-softserv/palni-palci/assets/10081604/1daf1618-9fc9-462f-8c46-4249294ef721)

Expected Behavior After Changes

screenshot (non superadmin user) ![image](https://github.com/scientist-softserv/palni-palci/assets/10081604/5029eb16-c3db-47a9-8324-ac3fe3a00e31)
screenshot (superadmin user) ![image](https://github.com/scientist-softserv/palni-palci/assets/10081604/d1e3c47a-76fe-4fd3-ba1a-e5527cefb6e8)
jillpe commented 11 months ago

What do you want non-super admins to see?

ndroark commented 11 months ago

Partially, we're not sure what some of these fields are for, and thus we're not sure what could potentially allow users to break systems by changing settings.

The ones we don't know about are:

I think we should also limit File Size Limit to superadmin (I also notice that the text says it should be set to at least 536870912000 but the default value is only 5368709120)

ndroark commented 11 months ago

Given the information on ticket 778, we should add Contact Email and Contact Email To to the list of things only superadmins can access. https://github.com/scientist-softserv/palni-palci/issues/778

jillpe commented 11 months ago

SoftServ QA: ✅ Pass!

Logged in as a Super Admin: ![Image](https://github.com/scientist-softserv/palni-palci/assets/84697174/9777c2d1-15d9-4596-af7e-d579ce32f284)
Logged in as a NON Super Admin: A non super admin user should NOT see the following fields:

- [x] :contact_email
- [x] :contact_email_to
- [x] :analytics_provider
- [x] :file_acl
- [x] :s3_bucket
- [x] :oai_prefix
- [x] :oai_sample_identifier
- [x] :file_size_limit

![Image](https://github.com/scientist-softserv/palni-palci/assets/84697174/4ab89ce4-d3b8-48c7-b81d-ed8a170eb2cb)
ndroark commented 11 months ago

We want to retain Contact email to for local admins. There is also an issue with some tenants having different Account settings pages (see au-archives.hykucommons.org, compare to sju-library.hykucommons.org).

ShanaLMoore commented 11 months ago

@ndroark What do you mean by local admins? These fields should only show to superadmins with our changes.

ndroark commented 11 months ago

I mean that we need to revert that change for the Contact Email To field. It should be accessible to non-super admins, since it's something they can set and change without additional configuration. See Rob's comment here https://assaydepot.slack.com/archives/C0313NKC08L/p1697499227224089?thread_ts=1697487952.830559&cid=C0313NKC08L

ShanaLMoore commented 11 months ago

Gotcha. For clarity of this ticket, could you list the fields that should only be displayed to superadmins? This ticket listed many fields. We currently have them defined in a constant, here cc @ndroark We did this based on this comment (and the acceptance criteria)

```ruby
SUPERADMIN_ONLY_SETTINGS = [:contact_email, :contact_email_to,
                            :analytics_provider, :file_acl, :s3_bucket,
                            :oai_prefix, :oai_sample_identifier,
                            :file_size_limit].freeze
```

ndroark commented 11 months ago

For sure, that same list without the Contact email to. So the superadmin only settings are :

:contact_email, :analytics_provider, :file_acl, :s3_bucket, :oai_prefix, :oai_sample_identifier, :file_size_limit
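
The final superadmin-only list above, as an added example that is not part of this thread or of the palni-palci code base. It shows the two halves a change like this needs: the field list the form renders for each role, and the filter on submitted parameters, because hiding a field in the HTML does not stop a non-superadmin from posting that key anyway. `ALL_SETTINGS`, `visible_settings` and `filter_settings_params` are hypothetical names chosen for the example; the real application's form and controller are not shown here.

```ruby
# Added example, not palni-palci's code. The constant is the final list from
# this thread; everything else is a hypothetical stand-in for the app's
# account-settings form and controller.

SUPERADMIN_ONLY_SETTINGS = [:contact_email, :analytics_provider, :file_acl,
                            :s3_bucket, :oai_prefix, :oai_sample_identifier,
                            :file_size_limit].freeze

# Hypothetical full field list; the real form has more fields than this.
ALL_SETTINGS = (SUPERADMIN_ONLY_SETTINGS + [:contact_email_to, :site_title]).freeze

# Fields the form should render for a given role (the UI half).
def visible_settings(superadmin:)
  superadmin ? ALL_SETTINGS : ALL_SETTINGS - SUPERADMIN_ONLY_SETTINGS
end

# Server-side filter on submitted parameters (the half that actually enforces
# the rule). Returns the permitted hash and the keys that were dropped so the
# caller can log a non-superadmin posting a field it should never have seen.
def filter_settings_params(params, superadmin:)
  allowed = visible_settings(superadmin: superadmin)
  permitted = {}
  rejected = []
  params.each do |key, value|
    sym = key.to_sym
    if allowed.include?(sym)
      permitted[sym] = value
    else
      rejected << sym
    end
  end
  [permitted, rejected]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed request: a non-superadmin submits hidden fields anyway.
  submitted = { "contact_email_to" => "archives@example.edu",
                "s3_bucket" => "someone-elses-bucket",
                "file_size_limit" => "1" }
  permitted, rejected = filter_settings_params(submitted, superadmin: false)
  puts "permitted: #{permitted.inspect}"
  puts "rejected:  #{rejected.inspect}"
end
```

In a Rails controller the same idea is expressed by building the `permit` list from `visible_settings(superadmin: current_user.superadmin?)` rather than from a fixed list, so the form and the strong-parameters filter cannot drift apart.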

ShanaLMoore commented 11 months ago

QA RESULTS:

Tested on: https://dev.commons-archive.org/

SUPER ADMIN SHOULD SEE: (screenshot)

ADMIN SHOULD NOT SEE: (screenshot)
ndroark commented 11 months ago

The help texts for "Contact email" and "Contact email to" are reversed.

kirkkwang commented 11 months ago

Switched the hint text; will be doing a hotfix deploy soon.