🐛 Non-Agreement team members can submit budget line status change #2789
Labels
bug: Something isn't working
Dev Backend Ready: Backend, Pipeline, or other UX related work is refined, and ready for Developers
Expected Behavior
Only Agreement team members should be able to submit budget lines for a status change on the ReviewAgreement page.
Current Behavior
Non-team members are able to submit budget lines for a status change on the ReviewAgreement page, which should not be allowed.
Possible Cause
There might be a lack of proper access control or user role validation on the ReviewAgreement page or in the backend API that handles budget line status changes.
Steps to Reproduce
ReviewAgreement page
Context
This issue affects the security and integrity of the budget review process. It allows non-team members to make changes that should be limited to team members only. This was observed in the localdev environment of OPS.
See also #2725
Detailed Description
The ReviewAgreement page is currently allowing non-team members to submit budget lines for status changes. Only authorized team members should have the ability to make these changes. The system is not correctly validating the user's role or permissions before allowing the submission of budget line status changes.
Possible Implementation
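A server-side sketch of the team-membership check described under Possible Cause, added here as an example; it is not code from this issue or from the OPS code base. The class names, status strings, function name and sample ids are all assumptions made for illustration. It authorizes every budget line in the request against its own Agreement's team before changing any of them, so a batch that mixes agreements is rejected as a whole.

```python
from dataclasses import dataclass

class Forbidden(Exception):
    """Authorization failure; an API layer would map this to HTTP 403."""

@dataclass
class Agreement:
    id: int
    team_member_ids: frozenset  # user ids on this Agreement's team (hypothetical model)

@dataclass
class BudgetLine:
    id: int
    agreement_id: int
    status: str = "DRAFT"  # hypothetical status value

# Constructed sample data: two agreements with different teams.
AGREEMENTS = {
    1: Agreement(1, frozenset({10, 11})),
    2: Agreement(2, frozenset({20})),
}
BUDGET_LINES = {
    100: BudgetLine(100, 1),
    101: BudgetLine(101, 1),
    200: BudgetLine(200, 2),
}

def request_status_change(user_id, budget_line_ids, new_status):
    """Authorize every requested line first, then apply (all or nothing)."""
    authorized = []
    for bl_id in budget_line_ids:
        line = BUDGET_LINES.get(bl_id)
        agreement = AGREEMENTS.get(line.agreement_id) if line else None
        # Deny by default: an unknown line, an orphaned line and a
        # non-member all fail identically, before any state changes.
        if agreement is None or user_id not in agreement.team_member_ids:
            raise Forbidden(f"user {user_id} may not change budget line {bl_id}")
        authorized.append(line)
    for line in authorized:
        line.status = new_status
    return [line.id for line in authorized]
```

The check belongs in the backend handler regardless of what the ReviewAgreement page hides or disables, since the API can be called without the page.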