Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User Lab Permissions Filtering Bug #1371

Closed
wants to merge 22 commits into from
Closed

User Lab Permissions Filtering Bug #1371

wants to merge 22 commits into from

Conversation

pascagihozo
Copy link
Contributor

@pascagihozo pascagihozo commented Jan 5, 2025
edited
Loading

Pull Requests Requirements

  • The PR title includes a brief description of the work done, including the
    Issue number if applicable.
  • The PR includes a video showing the changes for the work done.
  • The PR title follows conventional commit label standards.
  • The changes confirm to the OpenElis Global x3 Styleguide and design
    documentation.
  • The changes include tests or are validated by existing tests.
  • I have read and agree to the Contributing Guidelines of this project.

Summary

The current implementation fails to properly filter laboratory sections based on user permissions. Users with restricted access are incorrectly shown all lab sections instead of only those they are authorized to view. This security issue allows users to see test sections outside their assigned roles (e.g., a user with only Cytology and Biochemistry permissions can view all labs).

change code snippets

[Add relevant screenshots here if applicable]
image
image
image
image

Related Issue

[Add a link to the related issue or mention it here if applicable]

Proposed Fix

Update the permission filtering logic in UserServiceImpl to correctly validate and restrict lab section access based on the user's assigned roles and permissions.

[Add any additional information or notes here]

@mozzy11 @caseyi

pascagihozo and others added 18 commits September 16, 2024 20:37
@pascagihozo
Implemented CSV report feature on Patient Status Report, added endpoi…
e2fbeb4 
…nt in the rejection controller and a function at the frontend to call that point
@pascagihozo
updating the endpoint on frontend
4e5c6ab
@pascagihozo
Formatted code on both frontend and backend
a08eaba
@mozzy11
Merge branch 'develop' into develop
a698712
@mozzy11
Merge branch 'develop' into develop
26fb7c5
@mozzy11
fix CSV patient status report
30ba23d
@mozzy11
apply formatter
430abd7
@mozzy11
remove unused code
73ac5c8
@pascagihozo
Merge branch 'I-TECH-UW:develop' into develop
1bf698f
@pascagihozo
Merge branch 'I-TECH-UW:develop' into develop
c04bc4c
@pascagihozo
Merge branch 'I-TECH-UW:develop' into develop
674bc08
@pascagihozo
Merge branch 'I-TECH-UW:develop' into develop
94f6ede
@pascagihozo
Merge branch 'I-TECH-UW:develop' into develop
792306e
@pascagihozo
Merge branch 'I-TECH-UW:develop' into develop
2514c84
@pascagihozo
Merge branch 'I-TECH-UW:develop' into develop
624b9b5
@pascagihozo
Merge branch 'I-TECH-UW:develop' into develop
314b78a
@pascagihozo
Merge branch 'I-TECH-UW:develop' into develop
61baf2a
feat: filter test sections based on user's lab unit selection
5df7b92
@Agaba-derrick
Copy link
Contributor

hey @pascagihozo do you mind running ```

cd frontend
npm run format

to make the frontend checks successfully pass

@pascagihozo
Copy link
Contributor Author

Thank you @Agaba-derrick

@mozzy11
Copy link
Collaborator

mozzy11 commented Jan 7, 2025

Thanks @pascagihozo .

@mozzy11
Copy link
Collaborator

mozzy11 commented Jan 7, 2025

Fixed in thsi PR #1374

@mozzy11 mozzy11 closed this Jan 7, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@pascagihozo @Agaba-derrick @mozzy11