Closed dan-tang-ssd closed 1 year ago
As discussed, we should hide the functions if the logged in user does not have permission to use them.
Just found that all institutional roles can export initiative data as excel file with same content...
I think we may need a more comprehensive review on existing functions for different roles. E.g. Show or hide / Enable or disable a particular button for a particualr role
Describe the bug Roles and permissions issue
To Reproduce Login as Institutional Member My Institution > SETTINGS > Update some settings then save, success My Institution > ADDITIONAL ASSESSMENT CRITERIA > Update some settings then save, success Initiatives > Import Initiatives > Should we hide "Import Initiatives" button?
Expected behavior Should we make those features as read-only for users without corresponding permission?