Changing a role from being "online" to "offline" does not also change behavior of existing users having this role #8668

Open
dianabarsan opened this issue Oct 27, 2023 · 3 comments
Labels
Type: Bug Fix something that isn't working as intended

Comments

@dianabarsan
Member

Describe the bug
Users can have a specific role flag mm-online, which determines whether they are online or offline users. This role is added or removed when the user is created or edited, depending on the list of roles that is provided for them.
If a user is assigned to a role that is online, they will also be assigned this mm-online role.
If the user's primary role is later changed, from being online to offline, any user that has this role will still be treated as online, because of the mm-online flag.

To Reproduce
Steps to reproduce the behavior:

  1. Create a new online role.
  2. Create a user with this online role.
  3. Edit the role and make it offline.
  4. Log in with the user and observe they are treated as an online user: they have access to all documents and do not have the app available when they are offline.

Expected behavior
It should be clear that simply editing the role is not sufficient to change the behavior of users that are assigned to this role.
An alternative would be to edit the users every time a role is changed.

Environment

  • Instance: self hosted partner
  • Version: all

Additional context
This came in through the forum: https://forum.communityhealthtoolkit.org/t/scope-report-viewing-to-specific-top-level-place/3092/9

@dianabarsan dianabarsan added the Type: Bug Fix something that isn't working as intended label Oct 27, 2023
@dianabarsan dianabarsan changed the title Changing a role from being "online" to "offline" does not also change status of existing users having this role Changing a role from being "online" to "offline" does not also change behavior of existing users having this role Oct 27, 2023
@dianabarsan
Member Author

dianabarsan commented Oct 27, 2023

I don't believe this will be a straightforward "change so all users are edited when a role is changed" kind of situation.
Changing a user from being online to being offline, and vice-versa, while the user is logged in, will produce all sorts of unexpected, and potentially very damaging, results, so propagating the role change to users automatically can be seriously risky.

Not providing any indication that the users won't be affected by the role edit needs to change.

@garethbowen
Member

Yeah, this sounds risky. The quick fix would be to block anyone switching, essentially forcing creating a new user. I'm not sure how common it would be to actually want to change an existing user...

@dianabarsan
Member Author

dianabarsan commented Oct 30, 2023

Oh, interesting idea. So switching a role's online status would disable all user logins that have this role?
Because roles are likely changed through pushing config, instead of the admin UI (I think we don't even offer this switch as a UI option), we would need to have some sort of warning in cht-conf.
If deployments use CI pipelines for config pushes, the warning can become ineffective.
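
Added example, not part of the thread and not CHT code: an audit that lists users whose mm-online flag no longer matches the current role configuration, in either direction. The role and user document shapes, the `offline` property, the rule that any offline role makes a user offline, and all sample names are assumptions made for illustration.

```javascript
// Audit sketch (added example). Assumed shapes, not taken from the issue:
//   roleConfig: { <roleName>: { offline: true|false } }
//   users:      [{ name, roles: [...] }]
const ONLINE_FLAG = 'mm-online'; // flag name as given in the issue

// Assumption: a user should be offline when at least one of their
// assigned roles is currently configured as offline.
function expectedOffline(userRoles, roleConfig) {
  return userRoles.some(
    r => r !== ONLINE_FLAG && roleConfig[r] && roleConfig[r].offline === true
  );
}

// Returns users whose stored flag disagrees with today's role config.
function findFlagDrift(users, roleConfig) {
  const drift = [];
  for (const user of users) {
    const roles = user.roles || [];
    const configured = roles.filter(r => r !== ONLINE_FLAG && roleConfig[r]);
    if (configured.length === 0) continue; // no configured role to compare against
    const hasFlag = roles.includes(ONLINE_FLAG);
    const shouldBeOffline = expectedOffline(roles, roleConfig);
    if (hasFlag && shouldBeOffline) {
      // The case from the issue: role edited online -> offline after user creation
      drift.push({ name: user.name, issue: 'stale-online-flag' });
    } else if (!hasFlag && !shouldBeOffline) {
      // The reverse case: role edited offline -> online after user creation
      drift.push({ name: user.name, issue: 'missing-online-flag' });
    }
  }
  return drift;
}

// Constructed sample data
const sampleRoles = {
  supervisor: { offline: true },        // was online when alice was created
  chw: { offline: true },
  program_officer: { offline: false },  // was offline when dave was created
};
const sampleUsers = [
  { name: 'alice', roles: ['supervisor', 'mm-online'] },
  { name: 'bob', roles: ['chw'] },
  { name: 'carol', roles: ['program_officer', 'mm-online'] },
  { name: 'dave', roles: ['program_officer'] },
  { name: 'root', roles: ['_admin'] },
];

console.log(findFlagDrift(sampleUsers, sampleRoles));
```

Because it reads the stored user documents rather than relying on a warning at config-push time, a check like this can run after a CI-driven push and report affected accounts before anyone decides how to handle them.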

Projects
Status: Todo