This repository was archived by the owner on Mar 13, 2025. It is now read-only.

Permissions #83

Closed
5 tasks done
maxceem opened this issue Feb 13, 2021 · 16 comments

@maxceem
Contributor

maxceem commented Feb 13, 2021

  • During job editing Jobs Edit UI #12 (comment). Let's place the status field in read-only. Only BookingManager / Topcoder Admin can edit those fields.

  • "Edit Job Details" button (Jobs Edit UI #12) should be only visible to the users who can edit jobs.

    • also the edit job page should be only accessible for the same users, and return "Access Denied" to other users if we try to navigate to the Edit Job page by other users
  • "Edit Member Details" action and "Edit Member Details" button should be only visible to BookingManager / Topcoder Admin users.

    • also the edit member details page should be only accessible for the same users, and return "Access Denied" to other users if we try to navigate to the Edit member details page by other users
  • "Member Rate" on the View/Edit Member Details page is shown to all the users. It should only be shown to Booking Manager and Topcoder Admins. For other users it should be hidden.

  • Hide Yes No buttons for Candidates list for user without access to update candidate status #38

maxceem added the enhancement (New feature or request) label Feb 13, 2021
This was referenced Feb 13, 2021
maxceem added a commit that referenced this issue Feb 22, 2021
@maxceem
Contributor Author

maxceem commented Feb 23, 2021

At the moment 3 points out of 5 are ready for QA in this ticket.

@maxceem
Contributor Author

maxceem commented Feb 23, 2021

@sandhiyakavi this is fully ready for testing on DEV.

There is only one case that is not ready and it's logged as a separate issue #112. I'm not sure if we could get it done for the 1.5 release.

@sandhiyakavi
Collaborator

sandhiyakavi commented Feb 24, 2021

@maxceem Below are some of the discrepancies found:

  1. Connect Manager and users who are just members of the project (not created the job/project) are able to access the Edit Job page through the URL. Not able to edit, though.

  2. Similar issue with the edit resource booking page.

  3. Also, I am able to edit the job with the user who created the job, though the Edit Job detail button is not visible. Is that happening for specific users?
     bandicam.2021-02-24.19-45-40-449.mp4
  4. Also, I am not getting the point of why to hide the member rate field in the Edit resource bookings page if the page itself won't be visible for users other than BookingManager/Admin. (Though it's visible now.) Please correct me if I am wrong.

@maxceem
Contributor Author

maxceem commented Feb 24, 2021

Thank you @sandhiyakavi

  1. and 2. Good catch, I will fix it.
  3. Also, I am able to edit the job with the user who created the job, though the Edit Job detail button is not visible. Is that happening for specific users?

At the moment we cannot show this button for the users who create jobs because of the API limitation. I've created a separate issue to track this #112. It would be done after we create a new endpoint on API topcoder-platform/taas-apis#154. Not sure if this could be done in this release though.

  4. Also, I am not getting the point of why to hide the member rate field in the Edit resource bookings page if the page itself won't be visible for users other than BookingManager/Admin. (Though it's visible now.) Please correct me if I am wrong.

This is just to make sure we would never accidentally show it. Even if tomorrow we would let regular users edit resource bookings, the member rate would still be hidden for them. As this is a separate requirement we have a separate permission that controls it, so we would not accidentally leak it.

@maxceem
Contributor Author

maxceem commented Feb 25, 2021

@sandhiyakavi regarding 1 and 2, it may take some time to fix it. But it looks to me that we might treat it as an enhancement rather than a bug:

  • users don't see links to access these pages
  • even if a user accesses these pages by the direct link, they cannot see any secret data there
  • even if a user tries to edit, they would get an error from the server that they don't have permissions

So I suggest we treat this issue as done, and I've logged a new issue to make this improvement #117
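
The two points made in the comments above (a separate permission controlling the member rate, and denial of a page reached by direct link), sketched as an added example that is not part of the thread or of the project's code. Role names follow the thread's wording; the permission names, function names and sample data are assumptions.

```javascript
// Added example. Role and permission names are assumptions taken from the
// wording of this thread, not the project's real constants.
const ROLE = {
  ADMIN: "Topcoder Admin",
  BOOKING_MANAGER: "BookingManager",
  CONNECT_MANAGER: "Connect Manager",
  MEMBER: "Project Member",
};

// One permission per requirement, so each can change independently.
const PERMISSIONS = {
  UPDATE_JOB_STATUS: [ROLE.ADMIN, ROLE.BOOKING_MANAGER],
  EDIT_RESOURCE_BOOKING: [ROLE.ADMIN, ROLE.BOOKING_MANAGER],
  SEE_MEMBER_RATE: [ROLE.ADMIN, ROLE.BOOKING_MANAGER],
};

function hasPermission(user, permission, table = PERMISSIONS) {
  // Unknown or malformed permission entries deny by default.
  const allowed = Array.isArray(table[permission]) ? table[permission] : [];
  return (user.roles || []).some((role) => allowed.includes(role));
}

// Page-level guard: a direct URL visit gets the same answer as a hidden button.
function guardPage(user, permission, table = PERMISSIONS) {
  return hasPermission(user, permission, table)
    ? { status: 200 }
    : { status: 403, body: "Access Denied" };
}

// Field-level filter: the rate is removed unless SEE_MEMBER_RATE is held,
// regardless of whether the user may open or edit the page.
function viewResourceBooking(user, booking, table = PERMISSIONS) {
  const { memberRate, ...rest } = booking;
  return hasPermission(user, "SEE_MEMBER_RATE", table) ? { ...rest, memberRate } : rest;
}

// Constructed sample data.
const booking = { id: "rb-1", status: "assigned", memberRate: 1200 };
const member = { roles: [ROLE.MEMBER] };
// "Tomorrow" scenario from the thread: editing is opened to regular members.
const widened = {
  ...PERMISSIONS,
  EDIT_RESOURCE_BOOKING: [...PERMISSIONS.EDIT_RESOURCE_BOOKING, ROLE.MEMBER],
};

console.log(guardPage(member, "EDIT_RESOURCE_BOOKING"));          // denied today
console.log(guardPage(member, "EDIT_RESOURCE_BOOKING", widened)); // allowed later
console.log(viewResourceBooking(member, booking, widened));       // rate still absent
```
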

@sandhiyakavi
Collaborator

Verified on Dev Env. Working as expected.

@sandhiyakavi
Collaborator

sandhiyakavi commented Feb 26, 2021

Fixed: 🆗 in Production via milestone v1.5

The Edit Job Details button and Edit Resource Booking Details button and Edit Resource booking links are not visible for a member of the project.


Member rate not visible and Status read only in Job edit page for member of the project.

@lakshmiathreya Needs BookingManager, Admin and Manager role for checking the below features.

  1. During job editing Jobs Edit UI #12 (comment). Let's place the status field in read-only. Only BookingManager / Topcoder Admin can edit those fields. (In Job Editing page).
  2. "Edit Job Details" button visible to the Booking Manager and not to Connect Manager.
  3. "Edit Member Details" action and "Edit Member Details" button only visible to BookingManager / Topcoder Admin
  4. "Member Rate" on the View/Edit Member Details page is shown to all the users. It should only be shown to Booking Manager and Topcoder Admins. For other users it should be hidden.
  5. Hide Yes No buttons for Candidates list for user without access to update candidate status. Need to check for Connect Manager role.

@lakshmiathreya

  1. Job Editing by Admin and BM ...

Screenshot 2021-02-26 at 3 44 14 PM

Screenshot 2021-02-26 at 3 50 32 PM

@lakshmiathreya

lakshmiathreya commented Feb 26, 2021

  1. Connect manager not seeing Job Edit and Member Edit :

Screenshot 2021-02-26 at 3 54 49 PM

Screenshot 2021-02-26 at 4 05 48 PM

@lakshmiathreya

lakshmiathreya commented Feb 26, 2021

  1. Done
  2. Member rate seen by Admin and BM:

Screenshot 2021-02-26 at 4 10 09 PM

Screenshot 2021-02-26 at 4 10 42 PM

@lakshmiathreya

  1. @sandhiyakavi pls attach a Dev screenshot for this as reference. I will verify Connect Mgr on Prod based on that.

@sandhiyakavi
Collaborator

sandhiyakavi commented Feb 26, 2021

@lakshmiathreya Screenshots of Dev Env
  2. "Edit Job Details" button visible to the Booking Manager and not to Connect Manager.

  1. Review Candidates page for Connect Manager in Dev Env.

@lakshmiathreya

Booking Manager - Screenshot 2021-02-27 at 11 48 39 AM

@lakshmiathreya

Connect Manager -
Screenshot 2021-02-27 at 11 50 33 AM

@lakshmiathreya

Admin -
Screenshot 2021-02-27 at 11 48 06 AM

@lakshmiathreya

  1. Connect manager unable to see Yes/No in Review candidates. However, Admin/BM are also not able to see Yes/No. Will close this and add this Q to Hide Yes No buttons for Candidates list for user without access to update candidate status #38
