Does "can_verify_reports" require the "can_edit" permission before the kebab menu becomes visible?

We’re leaning more and more into the functionality CHT provides.
One of them being the ability to verify captured reports.
We’d like to spread this responsibility between our DHOs and Team leads.

We’ve noticed that when granting the “can_verify_reports” to our above mentioned roles, there’s no kebab menu to enable performing the action.
Only after also granting the “can_edit” permission, are we able to perform the desired action.

This unfortunately also gives both roles the ability to edit the hierarchy in the contacts tab.
Is there a way around this?

Hi @anro

Removing can_edit permission is a wide blocker to editing any documents. Reviewing a report implies saving a new verified property on the document, so it implies an edit to this doc. This is why can_edit is required in order to show the review option.

At the moment I don’t think we have a direct option to block editing of contacts, at least not a clean direct one (maybe some configs are using some tricks to achieve this).
I’ve created an issue: Add permission to allow or block editing contacts in webapp · Issue #8867 · medic/cht-core · GitHub mainly because we already have a can_update_reports permission which gets checked for reports.