CCE user with view only rights can make edit
As the user DIVO1 who only has "View Cold Chain Equipment Inventory" right, I can select View in the CCE Inventory and click the Edit button to make edits. Since I do not have the "Edit Cold Chain Equipment Inventory" right, I should NOT be able to edit.
This is a bug caused in the UI.
(A) Users who do not have the "Edit Cold Chain Equipment Inventory" right cannot see the Edit button from the View CCE details modal. The Edit button is hidden.
(B) Users who do not have the "Edit Cold Chain Equipment Inventory" right cannot see the "Add Equipment" button on the CCE Inventory page. The add button is hidden.
(C) Users who do not have the "Edit Cold Chain Equipment Inventory" right cannot update the function status of an inventory item from the CCE Inventory list page.
The user can open a modal with the inventory item
Later tickets will address changing the icon in the inventory item list, as it should be stateful, but that is too much work to consider in the scope of this ticket
I tested the ticket, and everything works correctly.
The testing of the ticket is currently blocked because when one chooses "CCE Inventory" from the menu as either of the users with the use of which one should perform the test (divo1, divo2, vsrmanager1 and vsrmanager2), the following error message occurs:
and the CCE Inventory is not visible. is currently working on the solution of this problem.
I've updated the A/C for this ticket to reflect the discussion on slack where we decided to simplify the design to make working around problems with the AuthorizationService.hasRight() method (which can be incorrect) for reasons mentioned in OLMIS-3598.
Here is some guidance for implementing these changes (and I'm referencing the AC)
AC: B I'd still use the AuthorizationService.hasRight method for a generic check for now. Eventually we should do a generic right test against the PermissionService, but I don't see a reason to do that now.
AC: C Use a solution like AC: A to change the update status modal. If there is an opportunity to keep the code DRY, please do it – but if it doesn't seem obvious, don't worry about it for now.
Good catch, thanks!
How is this ticket 'blocked' and in QA // please move back to "in progress" if that is the correct place