Accessing an inherited survey presents as if sub-org admin can edit it

[richardolsson]

Description

When a survey is inherited to a sub-organization, admins of that sub-organization should only be allowed to see the submissions, not edit the survey in any way. But navigating to such a survey today (and even more relevantly, after a fix to #1721) leads to a normal survey page where things seem like they're editable, but editing them as a sub-org admin will (correctly) be prevented by the API and raise errors.

Steps to reproduce

1. Go to http://localhost:3000/organize/1/projects (parent org)
2. Click on any survey (go via "Activities" if none shows up in the overview)
3. Go to the "submissions" tab
4. Make sure "share with sub-organizations" is activated
5. Change the URL to replace the org ID 1 with 2 (just clicking won't work at the time of writing because of #1721)
6. Ono the survey page that loads, interact with the title

Expected Behaviour

The title should be read-only, because you are acting within an organization that does not own this survey.

Actual Behaviour

The title can be edited. If you had been logged in as a sub-org admin, editing it would also throw an error, but that's secondary, because the interface should not present as editable in the first place.

Screenshots (if you have any)

Proposed solutions

When visiting an inherited survey, disable all editable fields. Present a banner somewhere saying something along the lines of "This survey is owned by ORG TITLE so you can't edit it" if the user is not an admin in the parent org, or "This survey is owned by ORG_TITLE. Go to LINK to edit it" if the user is an admin in the parent org.

Editable fields that need to be disabled include:

• [x] The title
• [x] The "publish" button and scheduling widget
• [x] The content in the "questions" section
• [x] Under submissions, the "share with sub-organizations" option

[richardolsson]

Maybe @yusf can suggest a design for such a banner? Or a completely different solution if you want?

[sefsh]

Ah yes, this will need a general read-only type of designed solution as we should expect this situation to emerge repeatedly as we expand on features of sharing content across orgs.

[sefsh]

Finally a stab at this issue!

• Top banner with MUI "info" coloring and iconography
  • User with view privilege This survey is owned by ORG_TITLE and is not editable.
  • User with edit privilege This survey is owned by ORG_TITLE and is editable only from its original location.
  • Embedded button labelled Go to original
• Title is static, not editable
• Publish button disabled
• Scheduling widget disabled
• Survey sections not editable
• Survey sections marked for hiding by owner completely hidden
• Survey section position tools hidden
• Submissions sidebar sections hidden
• Submissions linking tool hidden, replaced with static text Unlinked
• Submission content marked for hiding by owner completely hidden

View privilege

Edit privilege

Same as above but a different banner message and action.

[richardolsson]

@sefsh The last image ("Edit privilege") looks identical to the previous one to me. Is it a copy-paste mistake?

[kaulfield23]

• [x] Top banner with MUI "info" coloring and iconography User with view privilege This survey is owned by ORG_TITLE and is not editable. User with edit privilege This survey is owned by ORG_TITLE and is editable only from its original location. Embedded button labelled Go to original
• [x] Title is static, not editable
• [x] Publish button disabled
• [x] Scheduling widget disabled
• [x] Survey sections not editable
• [x] Survey sections marked for hiding by owner completely hidden
• [x] Survey section position tools hidden
• [x] Submissions sidebar sections hidden
• [x] Submission content marked for hiding by owner completely hidden
• [x] Shared in project overview