Uploaded image for project: 'PhenoTips'
  1. PT-2971

An empty family with no pedigree has rights that are too permissive

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Medium
    • Resolution: Fixed
    • Affects Version/s: 1.3-milestone-4
    • Fix Version/s: 1.3-milestone-5
    • Component/s: family-studies
    • Labels:
      None

      Description

      To reproduce:

      1. As User 1, create a new family, F1. (Do not enter any pedigree data.)
      2. As User 2, edit the family F1. Draw a pedigree. (Do not link any individual in the pedigree to a patient record).
      3. Save and close the pedigree.
      4. You will see the error in the attached screenshot.

      This happens because on pedigree save, the family (F1) document's permissions are updated to match the aggregate permissions of all of the individuals in the family. These new permissions are more restrictive and now disallow viewing and editing for User 2.

      As discussed in dev meeting today, the solution should be to make sure that the family document's permissions also take into account the creator of the document, and restrict the document from viewing/editing by other users. This way, in this case the family (F1) document would not have been editable by User 2 in the first place.

        Attachments

          Activity

            People

            • Assignee:
              asm Andriy Misyura
              Reporter:
              danielpgross Daniel Gross
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: