Sharing Feature not working for Dashboards

Bug #1453569 reported by Dapo Adejumo on 2015-05-10
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
DHIS
Medium
Morten Olav Hansen

Bug Description

Dashboards do not respect sharing settings when configured . For instance users who have not been given the authority to edit a dashboard can do so . Replicated on the demo server ( To do this , create a dashboard and assign only read permissions to "public" , then create a new user and login - new user can edit contents of dashboard )

Affects 2.18 Rev 18411

Morten Olav Hansen (mortenoh) wrote :

Hi

Can you try and replicate this on http://apps.dhis2.org/demo? (2.19), there shouldn't be any updates to ACL since 2.18, so the bug should be there also.. I have tested on 2.19 / 2.20, and it behaves as it should

(I'm assuming the new user does not have the ALL authority, which overrides all kinds of sharing)

Morten Olav Hansen (mortenoh) wrote :

This have now been fixed in trunk, 2.19, 2.18.

Changed in dhis2:
status: New → Fix Committed
assignee: nobody → Morten Olav Hansen (mortenoh)
milestone: none → 2.20
Dapo Adejumo (dapo-adejumo) wrote :

Thanks. Will test and give feedback.

Morten Olav Hansen (mortenoh) wrote :

Hi,

I should have completed your other bug report sorry, but I think maybe it was related. Can you please test it and see if it works better? also, if it does not.. can you reproduce on /demo for me?

Changed in dhis2:
status: Fix Committed → New
Dapo Adejumo (dapo-adejumo) wrote :

Hi Morten,
This bug is still there. Let me explain a bit more. The dashboard itself respects the sharing settings - i.e a user without edit rights cannot manage the dashboard (delete or share it) . This however does not follow with the dashboard items, a user without write permissions can move,resize or delete dashboard items . Easy to replicate on demo - Change any of the existing dashboard sharing settings to allow public only view authority, create a guest user and login. You will see that you can manipulate the dashboard items (not the dashboard itself though).

Changed in dhis2:
importance: Undecided → Medium
Changed in dhis2:
status: New → Fix Committed
Morten Olav Hansen (mortenoh) wrote :

This have been fixed in 2.19/trunk.

Dapo Adejumo (dapo-adejumo) wrote :

Great! Thanks Morten, will test and give feedback.

Morten can you back-port this fix to 2.18. We are facing this challenge
with our National server.

Cheers

Wilfred F. Senyoni
Computer Science and Engineering Department
College of Information and Communication Technologies
University of Dar es salaam

On Fri, Jul 17, 2015 at 11:53 AM, Dapo Adejumo <email address hidden>
wrote:

> Great! Thanks Morten, will test and give feedback.
>
> --
> You received this bug notification because you are a member of DHIS 2
> developers, which is subscribed to DHIS.
> https://bugs.launchpad.net/bugs/1453569
>
> Title:
> Sharing Feature not working for Dashboards
>
> Status in DHIS:
> Fix Committed
>
> Bug description:
> Dashboards do not respect sharing settings when configured . For
> instance users who have not been given the authority to edit a
> dashboard can do so . Replicated on the demo server ( To do this ,
> create a dashboard and assign only read permissions to "public" , then
> create a new user and login - new user can edit contents of dashboard
> )
>
> Affects 2.18 Rev 18411
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/dhis2/+bug/1453569/+subscriptions
>
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-devs
> Post to : <email address hidden>
> Unsubscribe : https://launchpad.net/~dhis2-devs
> More help : https://help.launchpad.net/ListHelp
>

It should already be in 2.18, please download latest and try

On Friday, July 17, 2015, Wilfred Senyoni <email address hidden> wrote:

> Morten can you back-port this fix to 2.18. We are facing this challenge
> with our National server.
>
> Cheers
>
> Wilfred F. Senyoni
> Computer Science and Engineering Department
> College of Information and Communication Technologies
> University of Dar es salaam
>
> On Fri, Jul 17, 2015 at 11:53 AM, Dapo Adejumo <<email address hidden>
> <javascript:_e(%7B%7D,'cvml','<email address hidden>');>> wrote:
>
>> Great! Thanks Morten, will test and give feedback.
>>
>> --
>> You received this bug notification because you are a member of DHIS 2
>> developers, which is subscribed to DHIS.
>> https://bugs.launchpad.net/bugs/1453569
>>
>> Title:
>> Sharing Feature not working for Dashboards
>>
>> Status in DHIS:
>> Fix Committed
>>
>> Bug description:
>> Dashboards do not respect sharing settings when configured . For
>> instance users who have not been given the authority to edit a
>> dashboard can do so . Replicated on the demo server ( To do this ,
>> create a dashboard and assign only read permissions to "public" , then
>> create a new user and login - new user can edit contents of dashboard
>> )
>>
>> Affects 2.18 Rev 18411
>>
>> To manage notifications about this bug go to:
>> https://bugs.launchpad.net/dhis2/+bug/1453569/+subscriptions
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~dhis2-devs
>> Post to : <email address hidden>
>> <javascript:_e(%7B%7D,'cvml','<email address hidden>');>
>> Unsubscribe : https://launchpad.net/~dhis2-devs
>> More help : https://help.launchpad.net/ListHelp
>>
>
>

--
--
Morten

Dapo Adejumo (dapo-adejumo) wrote :

Hi Morten,
Thanks for the fix.....we are almost there now. Like you said, restricted users are still able to move items but new positions are not saved - that is correct. However, restricted users are still able to resize items, can also be quite troublesome, please take a look.

Martin Brocker (margin) wrote :

Hi

I am running into the same issue that Dapo mentioned (#10) with regards to the the resizing of dashboard items. Setting the "Public access" to "View Only" restricts the other users from deleting it or moving it around but it doesn't prevent them from resizing the items. Resizing of items seem to be saved regardless of the access setting.

Version: 2.21
Build revision: 21010
Build date: 2016-01-20 22:30

Martin Brocker

Morten Olav Hansen (mortenoh) wrote :

Should now be fixed in latest 2.21, 2.22, and trunk. Please give our servers about 30-40 min before you download a new version.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers