Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Medium
-
Resolution: Fixed
-
Affects Version/s: 1.3.2, 1.4-milestone-1
-
Fix Version/s: 1.3.6, 1.4-milestone-3
-
Component/s: family-studies, Pedigree
-
Labels:None
-
Epic Link:
Description
Steps to reproduce:
- log in with JohnDoe
- create a new patient, draw its pedigree
- log in with Admin
- create a new patient, add it to JohnDoe's family & pedigree
- log in with JohnDoe, edit the family
- correct: JohnDoe cannot click on Admin's patient, view its details, or edit it in any way
- bug: JohnDoe can delete the whole node from the pedigree
- In Admin's patient history, the patient appears modified by JohnDoe, even though JohnDoe cannot access that patient
- consequence bug: if JohnDoe click Undo in the pedigree, saving will fail due to insufficient permissions; the behavior is correct, JohnDoe shouldn't be able to put Admin's patient in a family, and this bug will not be present once the original bug is fixed
