Not having the `can_create_users` doesn't stop `user_for_contact` in xlsx form

For context, our CHW role has the can_create_places & can_create_people permissions.
This is due to the need to create households and household members on the fly.

The can_create_people permission allows the CHW to create a person on any place item, including the Indawo level, which enables them to create another CHW.
This is problematic due to the chw-create form utilizing the user_for_contact functionality - which generates a login user.
This enables any CHW to add any person as a new CHW, unchecked, and enables them to see all the medical data of every patient in that Indawo.
Fortunately we don’t have an SMS supplier set up at the moment, so SMS links aren’t being distributed; however, it is a concern since we do plan to implement automatic SMSs in the near future.

The assumption was that, since the logged-in CHW does not have the can_create_users permission, the chw-create form would not be able to submit successfully OR would only create the hierarchy person (which also isn’t too ideal).

Is there a way to hide the chw contact create form conditionally - similar to the app forms?
Or is there a way to halt the submission of the chw-create form if a logged-in user is not of a certain role?

For the record, technically this is expected behavior in the sense that we consider users created by user_for_contact to be “created by the system” and not technically “created by the user” (though I acknowledge that the distinction is perhaps a bit confusing since the user triggers the system to create the user…). The goal of the user_for_contact functionality is to allow non-admin (e.g. “offline”) users who normally would not have the can_create_users permission (because they should not be able to arbitrarily create users) to trigger the system to automatically create users in very specifically defined circumstances. As you have noted, though, this can lead to undesirable outcomes if users have unrestricted access to forms that can trigger the user_for_contact functionality.

Is there a way to hide the chw contact create form conditionally - similar to the app forms?

Yes! You can also configure a properties expression for contact forms!

Or is there a way to halt the submission of the chw-create form if a logged-in user is not of a certain role?

Another way to prevent the creation of users in specific contexts would be to update the form logic to only set the user_for_contact.create to true under certain conditions (e.g. the current user has a specific role, etc).

CC @mrjones

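As an added illustration of the first suggestion above (this is example code written for this thread, not code from the original posts or from the CHT project itself): a contact-form properties file for the chw-create form whose `context.expression` only admits users carrying a supervisor role, plus a small evaluator that mimics how such an expression string is evaluated against the logged-in `user`. The exact property names (`context.expression`), the shape of the `user` object (`user.roles`), the role name `chw_supervisor`, and the sample users are all assumptions made for the example; check the contact-form properties documentation for your CHT version before relying on them. The evaluator treats any runtime or syntax error in the expression as "hide the form", which is the safe failure mode for an access check.

```javascript
// Added example, not the original poster's or the CHT project's code.
// Assumed contents of forms/contact/chw-create.properties.json: the
// `context.expression` gate is the assumption this example is built on.
const chwCreateProperties = {
  title: [{ locale: 'en', content: 'New CHW' }],
  context: {
    // Only users holding the (assumed) supervisor role may open this form.
    expression: "Array.isArray(user.roles) && user.roles.includes('chw_supervisor')",
  },
};

// Mimic evaluation of an expression string with only `user` and the parent
// `contact` in scope. Errors (including syntax errors in a mistyped
// expression) fail closed: the form is hidden rather than shown.
function formIsVisible(properties, user, contact = null) {
  const ctx = (properties && properties.context) || {};
  if (!ctx.expression) {
    return true; // no gate configured: form is visible (CHT's default behaviour)
  }
  try {
    // eslint-disable-next-line no-new-func
    const evaluate = new Function('user', 'contact', `return Boolean(${ctx.expression});`);
    return evaluate(user, contact);
  } catch (err) {
    return false; // fail closed on a broken or throwing expression
  }
}

// Constructed sample users (not real accounts).
const chwUser = { name: 'chw_thandi', roles: ['chw'], facility_id: 'indawo-1' };
const supervisorUser = { name: 'sup_lebo', roles: ['chw_supervisor'], facility_id: 'indawo-1' };

// Run the gate for each user, including a deliberately broken expression to
// show the fail-closed path.
function demo() {
  const brokenProperties = { context: { expression: "user.roles.includes('chw_supervisor'" } };
  return {
    chw: formIsVisible(chwCreateProperties, chwUser),               // false
    supervisor: formIsVisible(chwCreateProperties, supervisorUser), // true
    broken: formIsVisible(brokenProperties, supervisorUser),        // false
  };
}

console.log(demo());
```

The same role predicate is the one you would want behind the second suggestion (only setting `user_for_contact/create` to true when the submitting user holds the right role), provided your form actually exposes the current user's role to the form logic; if it does not, the properties gate above at least keeps the form out of a CHW's hands in the UI.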