While we were giving Elizabeth from OFCO a tour of Sprout, we noticed that she could see the 'Move to another referral' button on visit reports, and 'Add a date' links on a referral.
We should investigate whether these calls to action appear on the UI but are not allowed at the API level (authorizations) for what should be read-only users.
OFCO is org id 1358 in prod, is marked as readOnlyWithinRegion, all users in the org are socialWorker=true.
While we were giving Elizabeth from OFCO a tour of Sprout, we noticed that she could see the 'Move to another referral' button on visit reports, and 'Add a date' links on a referral.
We should investigate whether these calls to action appear on the UI but are not allowed at the API level (authorizations) for what should be read-only users.
OFCO is org id 1358 in prod, is marked as readOnlyWithinRegion, all users in the org are socialWorker=true.