Modify non-admin users access to the patient consultation record

[nihal467]

Describe the bug

Once a patient is discharged from a facility, the non-admin users of the facility, can view the details page and see the card of the consultation specific to their facility, but when they try to view the consultation detail page, they are taken to a 404 page

To Reproduce
Steps to reproduce the behavior:

1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

Expected behavior

Refer the mentioned conversation for final behavior
(#8727 (comment))

Screenshots

[aparnacoronasafe]

@nihal467 staff at hospital should be able to view all previous records from the facility (all facilities they have access to).

The staff should NOT be able to open and view history from any facility that they currently do not have access to.

[github-actions]

Hi, @coronasafe/care-frontend-maintainers, This issue has been automatically marked as stale because it has not had any recent activity.

[gigincg]

Given the access control is already working fine, just disabling the button based on the conditions should solve this

[Waheedsys]

hi @nihal467 i would like to try to work on this can you please assign it to me

[Sulochan-khadka]

Given the access control is already working fine, just disabling the button based on the conditions should solve this

What about the "View/Upload Consultation Files" button? Should that button also be disabled for staff? It seems fine in the dev env though. Where is the issue?

[AdityaJ2305]

Hey @nihal467, I’d like to work on this issue. Could you please assign it to me and clarify the final expected behaviour?

[nihal467]

@Sulochan-khadka unassigning you from the issue due to inactivity, @AdityaJ2305 are you still interested in working on this issue

[noufalrahim]

@nihal467 can I work on this..? Can u assign me..

[Sulochan-khadka]

@Sulochan-khadka unassigning you from the issue due to inactivity, @AdityaJ2305 are you still interested in working on this issue

I became inactive because was unsure what was the conclusion of the discussion on the PR. Kindly clarify and will submit within 24, hrs.

[AdityaJ2305]

@Sulochan-khadka unassigning you from the issue due to inactivity, @AdityaJ2305 are you still interested in working on this issue

Yes, but I think @Sulochan-khadka got this already

[gurramkarthiknetha]

@Sulochan-khadka can I work on this..? Can u assign me..

[Sulochan-khadka]

@nihal467 what is the access level of
"WardAdmin" , "LocalBodyAdmin" , "DistrictLabAdmin" , "DistrictReadOnlyAdmin" , "StateLabAdmin" , "StateReadOnlyAdmin" , "StateAdmin" ?

As per the discussion we had in the previous PR, DistrictAdmin has complete access regardless of the permitted facilities. How about the other Admins stated above?

Also since the requirement was changed from disabling button to giving error, should the "Add consultation updates " remain disabled for discharged patient?

Suggestions for the error message?

[Sulochan-khadka]

@nihal467 @rithviknishad could you kindly let me know the outcome of the PR? i hope to close this in 24 hrs. Also , would be great if you may answer the above asked questions...

[rithviknishad]

Already mentioned in issue comment: #8727 (comment)

[Sulochan-khadka]

Already mentioned in issue comment: #8727 (comment)

so i think the above approach and message is good to go with? Also only the district-admin can have all the access, other admins can only access permitted facilities...?

[nihal467]

not a requirement based on the current develop , we moved to RBAC