New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
BUG: CSV Export history should ONLY show exports from the logged in user #2601
Comments
@Angamanga I couldn't reproduce this. |
@Angamanga can you see if you can recreate this? |
@rowasc @caharding Unfortunately, yes I can reproduce it on .io. I created a new user and went to the data-export in settings and started an export. In the export-history-tab I see all export-jobs that is finished from all users. I also see all the export-jobs in the response from the api so its not a caching-issue. |
Spec:
|
@willdoran Looks good, moving to ready for dev! |
Needs a new spec. @willdoran |
@jrtricafort do you remember why this was flagged as "needs a new spec" ? |
@rowasc That comment was to capturing something from a conversation I had with @willdoran , but I don't recall the specifics. Will do you remember? If not, I think we can probably ignore that for now, since we have prioritized this as P2 so not as high a priority. |
Thanks @jrtricafort. I'd prefer to move this to cycle 7 if it's really a P2 for us , since cycle 6 is pretty full at the moment and we're even behind on specs :/ |
@rowasc Done |
@willdoran Do you recall your conversation with Juan about why this needed new spec? |
@crcommons I think though I failed to write this down it's because admin users should not see all jobs but only their own. But may be double check that with @jrtricafort |
@willdoran @crcommons That's correct. Admin users should only see their jobs. There's some ambiguity here, because we do tend to give admin users lots of superpowers over lots of their own deployments. But seeing all exports with the username (as was originally spec'd for this issue back in May) is more like an audit of other users' behavior, and at no other point in the UX do we support that. If there is ever a use-case where someone actually needs to see who is exporting what, that is more of a privacy workflow and that should be treated as a separate special thing (which doesn't currently exist outside of hitting up the DB directly on the backend). So long story short, yep, even admins should just see their own exports in export history. |
@jrtricafort I've implemented this fix in develop, however, with Kohana (which is in production) we have it so that users who have all manage settings can't even access exports at all, let alone their own exports. Is this something we need to change now in production or can we wait until lumen is released? Screenshot shows a logged in user with manage settings, posts, and users. Clearly this user cannot do those things. |
@jrtricafort @crcommons I added an issue about Manage Settings not allowing some of the permissions it states in the docs that we allow. #3169 |
UPDATE:
|
Update: changes in client have been merged into develop. |
@rowasc This has passed for QA. |
Confirmed in http://targetedsurveytesting.v3-qa.ush.zone/ works as expected. |
Expected behaviour
Actual behaviour
Steps to reproduce the behavior/error
Where
The text was updated successfully, but these errors were encountered: