Fix duplicate privileges in mobile app #1459

Closed
Tracked by #1608
mahalakshme opened this issue Jul 8, 2024 · 6 comments
@mahalakshme
Contributor

mahalakshme commented Jul 8, 2024

As is:

Currently, the voided field in the groupPrivileges table is not synced. But it needs to be synced to fix the privilege conflicts in the mobile app.

AC:

  • Sync the voided field (independent of the version) also for group privileges to the mobile app, which means it will get fixed only after a mobile upgrade, which is fine.
  • Whenever checking (say, to display the 'Edit' button on an encounter) for privileges in the mobile app, check for only unvoided.
@mahalakshme mahalakshme converted this from a draft issue Jul 8, 2024
@mahalakshme mahalakshme moved this from In Analysis to In Analysis Review in Avni Product Jul 8, 2024
@mahalakshme mahalakshme moved this from In Analysis Review to Ready in Avni Product Jul 9, 2024
@himeshr himeshr self-assigned this Jul 10, 2024
@himeshr himeshr moved this from Ready to In Progress in Avni Product Jul 10, 2024
@himeshr
Contributor

himeshr commented Jul 10, 2024

Analysis of Privileges sync and usage in client

  • All group privileges for an organisation, across all userGroups, are always synced to the client, irrespective of the logged-in user
  • During privilege check, we filter and use only applicable userGroup groupPrivileges which are set to allow "True"
  • We do not save voided field information in avni-client; therefore, logic to use it also doesn't exist
  • On Avni webapp, we do make use of the groupPrivilege.isVoided flag to control privilege config on App Designer and Avni Webapp in general
  • On Avni server, we do make use of only non-voided groupPrivilege to control CRUD access to Avni Generic entities via External APIs and web APIs

Discussion info

After further discussion, we found that introducing the additional "voided" flag does not seem to have an effective change in privilege handling, even after server and client app upgrades for a user.
Instead, during data fix, marking duplicate entries with allow = "false" is a more effective means to ensure that the expected change in User access is effected using groupPrivileges sync.

Conclusion

We'll not make any code changes with respect to groupPrivileges sync.
Instead, we'll set the allow field to "FALSE" for all duplicate entries and also mark them as voided in avniproject/avni-server#746

@himeshr himeshr moved this from In Progress to QA Ready in Avni Product Jul 10, 2024
@himeshr
Contributor

himeshr commented Jul 10, 2024

Card is a Tech QA Card, which would be validated by myself, as I already have debugging and analysis context.

@AchalaBelokar AchalaBelokar moved this from QA Ready to In QA in Avni Product Jul 10, 2024
@AchalaBelokar AchalaBelokar moved this from In QA to QA Ready in Avni Product Jul 11, 2024
@mahalakshme mahalakshme moved this from QA Ready to Code Review with Comments in Avni Product Jul 16, 2024
@mahalakshme mahalakshme moved this from Code Review with Comments to QA Ready in Avni Product Jul 16, 2024
@mahalakshme mahalakshme moved this from QA Ready to In QA in Avni Product Jul 16, 2024
@mahalakshme mahalakshme moved this from In QA to QA Ready in Avni Product Jul 16, 2024
@himeshr himeshr moved this from QA Ready to In QA in Avni Product Jul 17, 2024
@himeshr himeshr moved this from In QA to Further Action Required in Avni Product Jul 17, 2024
@himeshr
Contributor

himeshr commented Jul 22, 2024

Executed the GroupPrivileges correction queries on production.
ProdSqlsLogs.txt
ProdSqlsExecuted.txt

@himeshr himeshr closed this as completed Jul 22, 2024
@github-project-automation github-project-automation bot moved this from Further Action Required to Done in Avni Product Jul 22, 2024
@kushboojain-iplit

@himeshr The above file with the SQL statements to update group_privilege needs to be run before pulling the latest version of avni-server so that the migration to check uniqueness doesn't fail?

@mahalakshme
Contributor Author

mahalakshme commented Aug 6, 2024

@kushboojain-iplit you can run the below query alone, no need to run all the statements:

```sql
-- Rank non-voided rows that share the same privilege key;
-- rn = 1 is the most recently modified row in each group.
WITH group_privileges_duplicates AS
         (SELECT id,
                 ROW_NUMBER() OVER
                     (PARTITION BY group_id,privilege_id,subject_type_id,program_id,program_encounter_type_id,encounter_type_id,checklist_detail_id
                     ORDER BY last_modified_date_time desc)
                     AS rn
          FROM group_privilege
          where is_voided = false)
-- Void every older duplicate (rn > 1) and set allow = false on it.
-- Replace ${valid_user_id} with the id of a valid user before running.
update group_privilege
SET last_modified_date_time = current_timestamp + (random() * 1000 * (interval '1 millisecond')),
    last_modified_by_id     = ${valid_user_id},
    is_voided= true,
    allow                   = false
FROM group_privileges_duplicates
where group_privilege.id = group_privileges_duplicates.id
  and group_privileges_duplicates.rn > 1;
```
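
Added example (not part of the thread and not avni-client or avni-server code): a simplified model of why the data fix sets allow = false on duplicates instead of only voiding them, given that the server checks non-voided rows while the client does not store the voided field. The field names, function names and sample rows are assumptions constructed for this illustration.

```javascript
// Added illustration: a simplified model, not avni-client or avni-server code.
// Field names and the sample rows below are constructed for this example.
const KEY_FIELDS = ['groupId', 'privilegeId', 'subjectTypeId', 'programId',
  'programEncounterTypeId', 'encounterTypeId', 'checklistDetailId'];
const keyOf = (row) => KEY_FIELDS.map((f) => row[f] ?? 'null').join('|');

function sampleRows() {
  return [
    { id: 1, groupId: 1, privilegeId: 7, encounterTypeId: 3, allow: true,
      isVoided: false, lastModified: '2024-01-10T00:00:00Z' },
    { id: 2, groupId: 1, privilegeId: 7, encounterTypeId: 3, allow: false,
      isVoided: false, lastModified: '2024-06-01T00:00:00Z' },
    { id: 3, groupId: 2, privilegeId: 7, encounterTypeId: 3, allow: true,
      isVoided: false, lastModified: '2024-02-01T00:00:00Z' },
  ];
}

// Mirrors the data-fix query: among non-voided rows sharing a key, keep the
// most recently modified one and void the rest. setAllowFalse toggles whether
// the voided duplicates also get allow = false.
function markDuplicates(rows, setAllowFalse) {
  const newestFirst = [...rows].sort(
    (a, b) => Date.parse(b.lastModified) - Date.parse(a.lastModified));
  const seen = new Set();
  const duplicateIds = new Set();
  for (const row of newestFirst) {
    if (row.isVoided) continue;
    const key = keyOf(row);
    if (seen.has(key)) duplicateIds.add(row.id); else seen.add(key);
  }
  return rows.map((row) => (duplicateIds.has(row.id)
    ? { ...row, isVoided: true, allow: setAllowFalse ? false : row.allow }
    : row));
}

// Server-style check: only non-voided rows are considered.
function serverAllows(rows, groupIds, matches) {
  return rows.some((r) => !r.isVoided && r.allow
    && groupIds.includes(r.groupId) && matches(r));
}

// Client-style check: isVoided is not stored on the device, so it is dropped
// before evaluation and only allow decides.
function clientAllows(rows, groupIds, matches) {
  return rows.map(({ isVoided, ...synced }) => synced)
    .some((r) => r.allow && groupIds.includes(r.groupId) && matches(r));
}
```

With `markDuplicates(rows, false)` the server and client disagree for group 1, because the stale allow = true row is voided but still visible to the client; with `markDuplicates(rows, true)` both deny.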

@kushboojain-iplit

@mahalakshme Thank you so much
I'll try this out
