Uploaded image for project: 'PhenoTips'
  1. PT-3442

Users can remove from a family patients that they can't normally access

    Details

      Description

      Steps to reproduce:

      • log in with JohnDoe
      • create a new patient, draw its pedigree
      • log in with Admin
      • create a new patient, add it to JohnDoe's family & pedigree
      • log in with JohnDoe, edit the family
      • correct: JohnDoe cannot click on Admin's patient, view its details, or edit it in any way
      • bug: JohnDoe can delete the whole node from the pedigree
        • In Admin's patient history, the patient appears modified by JohnDoe, even though JohnDoe cannot access that patient
      • consequence bug: if JohnDoe click Undo in the pedigree, saving will fail due to insufficient permissions; the behavior is correct, JohnDoe shouldn't be able to put Admin's patient in a family, and this bug will not be present once the original bug is fixed

        Attachments

          Activity

            People

            • Assignee:
              asm Andriy Misyura
              Reporter:
              sdumitriu Sergiu Dumitriu
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: