OpenHIM / OHM-735

Non-admin users cannot view bodies when requesting multiple transactions through the API

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects versions: None
    • Fix versions: 5.0
    • Labels: None
    • Story Points: 3
    • Sprint: Mercury 2019 - Sprint 1

      Description

      The Medscheme failures report needs to retrieve request and response message bodies.
      The report needs to run as a non-admin user and make API calls (/transactions?filterRepresentation=full) to OpenHIM core to retrieve data.
      On the API call for getTransactions(), the filter representation is overridden for non-admin users to a (default) value that causes request and response bodies not to be returned by the call.
      See https://github.com/jembi/openhim-core-js/blob/0ee8da5bc7661ce160d71d38b4d1a367a7b578cd/src/api/transactions.js#L136-L137.
      It should be smarter in allowing certain properties based on whether or not the user has `txViewFullAcl` for the transaction's channel.

              People

              • Assignee: Martin Brocker (martin)
              • Reporter: Former user (Inactive) (removed74)