Role permissions not behaving as expected with CSV bulk upload #3296
Labels
Codebase: API
Indicates issue work will be in API
Community Task
Issues that the Ushahidi OSS community is encouraged to contribute to
Theme: Data import
Theme: Users and roles
I created a role to allow a non-admin user with the following permissions:
Bulk Data Import
Edit Their Own Posts
Assigned that role to a new user.
When the user tries to upload the bulk import, user receives following error message:
Access Denied - Sorry, you're not allowed to do that.
User 10 is not allowed to import resource posts #0
Where was the bug observed
Self-hosted Ushahidi 3.0 site - www.librarysites.io
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Expected that user would be able to upload the CSV file and then be able to edit the posts that were contained in the CSV file.
Is there a workaround? What is it.
Give additional permissions to Manage Posts - if I do this the user can then perform the bulk upload and edit the posts, but also has the ability to edit all posts in the deployment even those submitted by other users which is not something that I want to happen.
Screenshots
If applicable, add screenshots to help explain your problem.
URL / Environment where this happened
www.librarysites.io
If the bug is datasource related (e.g. SMS or Targeted SMS), please specify the configuration details (e.g. Frontline + Clickatell, etc):
N/A
Desktop Hardware Details (please complete the following information):
-Version: 69.0.3497.100 (Official Build) (64-bit), also tested in Firefox, but found different bug
Additional context
No problem with bulk upload of same CSV under different account ()admin with all permissions). Also no problem of uploading CSV with the more limited user account if I check the "Manage Posts" permission box.
The text was updated successfully, but these errors were encountered: