User can navigate to screens they are not authorized to view

Description

I noticed an issue when I was executing OLMIS-2389. The user who should only see "Home" on the navigation bar sees also "Requisitions", and can navigate to the "Approve" and "View" screens. The user should see only "Home", even though he has the Program Supervisor role for Family Planning because he has no home facility. What's interesting, the user sees requisitions for ARV and Lilongwe Health Center on the "View Requisitions" screen. The issue occurs on both browsers, and clearing cache doesn't fix it.

Reproduction steps:

  1. Create a user without a home facility.

  2. Assign the Program Supervisor for Family Planning supervision role to the user without Supervisory Node set.

  3. Log into the application as the user.

  4. The user sees not only "Home" on the navigation bar, but also "Requisitions".

Expected results:

  • Users without home facility should only see the "Home" option on the navigation bar, despite having supervision roles assigned.

Dev notes:

  • Pay special attention to what happens during the log-in for the user and clean up stuff there.

 

Environment

None

Assignee

Paweł Pinker

Reporter

Joanna Bebak

Story Points

3

Time tracking

56h

Epic Link

Components

Sprint

None

Fix versions

Priority

Major
Configure