Bug #2717
open[Attendees] User can delete an attendee by clicking the 'DELETE' button, even though this functionality should be restricted to admins only.
0%
Description
Environment:
"https://qainterrapt.brainster.xyz/login"
Browser:
PC/Microsoft Windows 11 V. 23H2 (OS Build 22631.4460)/ Version 131.0.6778.86 (official Build) (64-bit)
PC/Microsoft Windows 11 V. 23H2 (OS Build 22631.4460)/ Version 131.0.2903.70 (official Build) (64-bit)
Apple iPhone 14 pro/ iOS Version 18.1.1 (22B91)/ Safari 18.1 on iOS 18.1 (24-bit)
Pre-conditions:
The User is logged in as a regular user on the "Attendees" page, with a record of attendees that can be deleted.
Steps to reproduce:
1. Login as a regular user.
2. Click on the "Attendees" menu.
3. Find a record from the precondition.
4. Click on the red 'DELETE' button.
5. Observe the Action.
6. Observe the validation message in a pop-up window.
Expected Result:
The 'DELETE' button should be disabled or hidden for regular users, and only accessible to admins, preventing them from deleting an attendee.
Actual Result:
Regular users are able to click the 'DELETE' button and delete an attendee, although this action should be restricted to admins only.
Files
