Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Refresh right assignments on structural changes to supervisory hierarchy

Description

Currently, right assignments are changed when a user's role assignments are changed, which is fine for direct and fulfillment role assignments. However, for supervisory structural changes, right assignments need to be refreshed in order for them to stay in sync with the supervisory structure. Some scenarios:

  • When a facility is added to/removed from requisition group

  • When a facility's program support is added/removed

  • When a requisition group's program support is added/removed

  • When a requisition group is added to/removed from a supervisory node

  • When a supervisory node is added to/removed from another supervisory node

  • Another scenario not exactly about hierarchy, but applies: when rights are added to/removed from a role

Another way to think of it are the API endpoints where logic would need to be added:

  • PUT /facilities/id (update facility's supported programs)

  • POST /requisitionGroups (create a new requisition group with supervisory node)

  • PUT /requisitionGroups/id (create a new requisition group with supervisory node, update requisition group's facilities, programs, and/or supervisory node)

  • DELETE /requisitionGroups/id (delete a requisition group, disassociating from supervisory node)

  • PUT /supervisoryNodes/id (update supervisory node's parent/child nodes)

  • PUT /roles/id (update role's rights)

Acceptance Criteria

  • Determine any other scenarios where right assignments need to be refreshed

  • Add code to update right assignments table in these cases

Attachments

2

Confluence content

mentioned on

QAlity Plus - Test Management

Checklists

Activity

Josh Zamor 
October 11, 2017 at 3:26 AM

I ran through a few more scenarios through the UI and couldn't trip it up. Putting into QA.

Chongsun Ahn 
September 28, 2017 at 11:58 PM

Hmm, it seems like this issue stems from the UI calling supervisedFacilities, which doesn't use right assignments, and there may be a bug there.

I do see that the right assignments code doesn't filter out inactive supported programs, so that's a bug I can fix. However, this leads to another question; there is a start date for supported programs; should I also filter out program support that has a future date?

Chongsun Ahn 
September 28, 2017 at 8:03 PM

I don't see a screenshot of the error? Will try to reproduce.

Josh Zamor 
September 28, 2017 at 5:46 PM

This has passed code review and I believe the backend changes are effective, however I think the front-end has a mismatched expectation.

Steps:

  • login as administrator on test

  • goto Admin -> Facilities

  • Select Balaka hospital

  • Remove the hospital from supporting the family planning program

  • Log out, back in (optional)

  • Goto Requisitions -> Initiate

  • Select Supervised facilities, family planning, Balaka hospital

  • Click initiate, see the error (screen shot)

Expected:

  • after log out and log back in when I've changed my rights, I should either not see the facility in the list, or I should get a permission denied error.

I'm not actually sure this change introduced this sort of issue, just raising it so we're aware and can think of how to fix. Passing back to you .

Chongsun Ahn 
September 19, 2017 at 10:02 PM

From design discussion, it was decided that since refreshing about 200,000 right assignments to the table took about 11 seconds locally, it's possible to take a "context unaware" approach to updating the right assignments table. Meaning, that anytime the right assignments table needs to be updated, we drop the entire table and re-generate all right assignments. Since several seconds is still too long to do synchronously (and for the client to have to wait), we would look into adding a way to update the table asynchronously (Spring Cloud? Spring Batch? something like that).

This seems like a plausible approach because:

  1. this would happen infrequently (updating supervisory nodes, requisition groups, facilities as members)

  2. it can be done asynchronously; there would be dirty reads of only up to 30 seconds, which would be inconsequential to most users (non-admins would need to log out and log back in anyways, since their permissions are cached)

Done
Pinned fields
Click on the next to a field label to start pinning.

Details

Assignee

Reporter

Components

Sprint

Fix versions

Priority

Time Assistant

Created August 15, 2017 at 11:23 PM
Updated October 18, 2017 at 9:15 AM
Resolved October 11, 2017 at 10:55 PM

Flag notifications