S2S_New Right_ S2S_Process [1]

[SahaLinaPrueger]

Feature Description

A new user right is introduced for S2S because of data protection reasons.

Proposed Change

• Implementation of right SORMAS_TO_SORMAS_Process

• Name of right:
  S2S_Process

• Description of right:
  Only users with this right are allowed to process received shares and only this user is allowed to see & use the share directory.

• The right is linked to the following roles:
  none

• Change right SORMAS_TO_SORMAS_SHARE

• Name of right:
  S2S_Share

• Description of right:

• Users with this right can initiate a share for a case/contact (is already included in the right).
• The rights from S2S_Process must be withdrawn from the right SORMAS_TO_SORMAS_SHARE
  (so a user with the right SORMAS_TO_SORMAS_SHARE can not see the share directory and can not process incoming share request.)

• The right is linked to the following roles:
  none

Acceptance Criteria

Implementation Details

Additional Information

[SahaLinaPrueger]

@JaquM-HZI

[leventegal-she]

• The right is linked to the following roles:
  none

@SahaLinaPrueger does the above mean that no default user role will have right to share and/or process share requests?
Do we need to remove the SORMAS_TO_SORMAS_SHARE right of currently existing user roles?

[SahaLinaPrueger]

Yes, that is exactly what is meant.

[ChristopherRiedel]

Yes, that is exactly what is meant.

@SahaLinaPrueger Just to be sure: This then means that on all instances (development, test and production) there will be no more users that can use Sormas2Sormas until someone manually reassigns these rights in user role management. Is this desired? I would actually have expected that the rights would only be removed from DefaultUserRoles, but all users would be able to do everything as before.

[SahaLinaPrueger]

@ChristopherRiedel thank you very much for the demand!
If it is possible to only remove the rights from the DefaultUserRoles AND already existing users are able to do everything as before this would be nice.

So when a new health department gets S2S, first of all no user should be able to operate S2S with the DefaultUserRoles.
If it is possible, that in health departments that already have S2S (and development and test instances), the users that already have S2S rights keep them, so SORMAS_TO_SORMAS_SHARE and SORMAS_TO_SORMAS_Process (and other rights that are needed for S2S) get automatically, that would be great. (@Jan-Boehme FYI)

[ChristopherRiedel]

@SahaLinaPrueger Yes that's possible. I will make sure it is implemented that way.

[AndyBakcsy-she]

Validated ticket on the latest version of sormas 1.75.0 deployed on test-de2 environment

[leventegal-she]

The user with S2S_Process right does not have With Ownership/View only filters.

With Ownership/View filters should be visible for all users regardless of user rights, it should only depend on the feature configuration

[SahaLinaPrueger]

The user with S2S_Process right does not have With Ownership/View only filters.
With Ownership/View filters should be visible for all users regardless of user rights, it should only depend on the feature configuration

@leventegal-she Can you explain what do you mean by that?

[leventegal-she]

@SahaLinaPrueger I meant the filter added with #9787 was not visible only for the users that had S2S_SHARE right. But it should be visible for any user as long as s2s is configured on the system similarly to the share box like you commented here: #10084 (comment)

[dragosb-vg]

Validated on test-de3, Version: 1.77.0-SNAPSHOT (ba98b49)
Tested all 'S2S_Process' - 'S2S_Share' rights combination on test-de-3 (with pending/accepted/revoked share requests to & from test-de1)