Permissions not working

Technical Support
1

Dear all,

I want to restrict the possibility to edit persons to certain user roles.

This is not possible per default. Therefore I have added a permissions to my base_settings.json called can-edit-people.
This step is successfull, the permission shows up in the graphical interface.
I do not give the permission to Community Health Workers, chw.

I then create a properties file for the contacts form person-edit called
person-edit.properties.json
This is my properties file

{
        "title": "Edit Person",
        "context": {
                "person": true,
                "place": false,
                "expression": "contact.type === 'person'",
                "permission": "can_edit_people"
        }
}

I then convert and upload the contact forms.
Yet, chw users can still edit people, notable they can edit the person of their colleagues, which we do not want.

According to the docs

This should work. Am I missing something?

2

Hi @raf

Unless I’m missing something, I don’t think permissions that you set on contact forms are ever applied, like they are for report forms. As far as I can tell, there’s no way of preventing contact edits.

The permission only works for creating contacts: Add ability to hide the action/option to create a contact · Issue #6401 · medic/cht-core · GitHub
We also a followup issue to complete this work: Prevent users from opening and filling forms they're not authorized to see/fill · Issue #6505 · medic/cht-core · GitHub

3

Hello @diana,
Oh no!
Are you sure? What does that in the docs means then?

Starting in cht-core release 3.10, we can now configure property files in contact forms to show or hide them based on an expression or permission as specified in the app form schema.
4

Hi @raf

I think we’ve only added that for contact create forms (Add ability to hide the action/option to create a contact · Issue #6401 · medic/cht-core · GitHub).
We should change the docs to clarify that: Update contact forms documentation to reflect that only contact create forms support permissions · Issue #733 · medic/cht-docs · GitHub