Bug #624

open

patient record can be deleted/saved if logged out

Added by Miroslav Blaško almost 6 years ago. Updated about 1 month ago.

Status: New
Priority: Low
Assignee: -
Start date: 18.05.2018
Due date:
% Done: 0%
Estimated time:

Description

It seems it is possible to save/remove a record without being logged in. This was done using a test user that was logged into via "impersonate". Then, in 2 separate tabs, patient records were accessed, while the tabs were used to both log out and save/delete a record.

History log:
DELETE_RECORD_SUCCESS Non-logged user 18-05-2018 00:42:26:004 Open
SAVE_RECORD_SUCCESS Non-logged user 18-05-2018 00:41:45:211 Open

Content of DELETE_RECORD_SUCCESS entry:

{
  "record": {
    "uri": "http://vfn.cz/ontologies/study-manager/patient-record#instance-731093989",
    "key": "1489934504456893975",
    "localName": "test1",
    "author": {
      "uri": "http://vfn.cz/ontologies/study-manager/test-test-1825",
      "firstName": "test",
      "lastName": "test",
      "username": "doctor1",
      "emailAddress": "",
      "isInvited": false,
      "institution": {
        "uri": "http://vfn.cz/ontologies/study-manager/institution#instance-327934514",
        "key": "27568955022722525306",
        "name": "admin_institution"
      },
      "types": [
        "http://vfn.cz/ontologies/study-manager/doctor"
      ]
    },
    "dateCreated": 1526596817884,
    "lastModified": 1526596903252,
    "lastModifiedBy": {
      "uri": "http://vfn.cz/ontologies/study-manager/test-test-1825",
      "firstName": "test",
      "lastName": "test",
      "username": "doctor1",
      "emailAddress": "",
      "isInvited": false,
      "institution": {
        "uri": "http://vfn.cz/ontologies/study-manager/institution#instance-327934514",
        "key": "27568955022722525306",
        "name": "admin_institution"
      },
      "types": [
        "http://vfn.cz/ontologies/study-manager/doctor"
      ]
    },
    "institution": {
      "uri": "http://vfn.cz/ontologies/study-manager/institution#instance-327934514",
      "key": "27568955022722525306",
      "name": "admin_institution"
    }
  },
  "key": "1489934504456893975"
}
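
A detection sketch for the condition this report describes, added here as an example and not code from the project: it parses history-log lines in the layout quoted above and flags successful save/delete actions attributed to "Non-logged user", together with the last authenticated author seen before each one. The line layout, the SAVE/DELETE naming pattern and the sample lines marked as constructed are assumptions.

```python
import re
from datetime import datetime

ANONYMOUS = "Non-logged user"  # author label used in the quoted history log

# Assumed layout, taken from the two quoted entries:
# <ACTION_TYPE> <author> <dd-mm-YYYY HH:MM:SS:mmm> <link text>
LINE_RE = re.compile(
    r"^(?P<action>[A-Z][A-Z_]*)\s+(?P<author>.+?)\s+"
    r"(?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}:\d{3})(?:\s+\S+)?$"
)
# Assumption: state-changing actions follow the SAVE_*/DELETE_* naming seen above.
WRITE_RE = re.compile(r"^(SAVE|DELETE)_[A-Z_]+_SUCCESS$")


def parse_line(line):
    """Return a dict for one history line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d-%m-%Y %H:%M:%S:%f")
    return {"action": m["action"], "author": m["author"], "time": ts}


def find_anonymous_writes(lines):
    """Flag successful writes logged without an authenticated author.

    The log is displayed newest-first, so entries are sorted by time before
    walking them; each finding carries the last authenticated author seen
    earlier, as a hint for which session the request may have come from.
    """
    entries = sorted(filter(None, map(parse_line, lines)), key=lambda e: e["time"])
    findings, last_user = [], None
    for e in entries:
        if e["author"] != ANONYMOUS:
            last_user = e["author"]
        elif WRITE_RE.match(e["action"]):
            findings.append({**e, "last_authenticated": last_user})
    return findings


SAMPLE = [
    "DELETE_RECORD_SUCCESS Non-logged user 18-05-2018 00:42:26:004 Open",
    "SAVE_RECORD_SUCCESS Non-logged user 18-05-2018 00:41:45:211 Open",
    "LOAD_RECORD_SUCCESS doctor1 18-05-2018 00:40:10:120 Open",  # constructed
    "not a history line",                                         # constructed
]

if __name__ == "__main__":
    for f in find_anonymous_writes(SAMPLE):
        print(f["time"].isoformat(), f["action"], "after", f["last_authenticated"])
```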
