You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
The data officer can change data from the users that are linked to the same institution. this behavior is desirable. However, the data officer can change the institution id users are linked to, this brings unwanted behavior we do not want.
For example, a certain data officer with institution id = 1, would like to change a user from the same institution and changes the institution id = 2. This is possible because he changed the user that had initially the same institution, however it links the user to an institution he doesn't have any rights to.
The same applies to the data officer self. The data officer can change his own institution id to link himself to other institutions.
To Reproduce
Steps to reproduce the behavior:
Find a user with the same institution as an officer id.
Change this user with the officer id, and update the institution id
The institution id is changed to an institution the data officer has no rights for
Expected behavior
The data officer should not be able to change the institution id, but should be able to delete the institution id if he wants to unlink a user from their institution.
The text was updated successfully, but these errors were encountered:
Describe the bug
The data officer can change data from the users that are linked to the same institution. this behavior is desirable. However, the data officer can change the institution id users are linked to, this brings unwanted behavior we do not want.
For example, a certain data officer with institution id = 1, would like to change a user from the same institution and changes the institution id = 2. This is possible because he changed the user that had initially the same institution, however it links the user to an institution he doesn't have any rights to.
The same applies to the data officer self. The data officer can change his own institution id to link himself to other institutions.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
The data officer should not be able to change the institution id, but should be able to delete the institution id if he wants to unlink a user from their institution.
The text was updated successfully, but these errors were encountered: