Skip to content

Reviewers can revoke their own access

Steps to reproduce

Login with a reviewer account, go to Tutors page and revoke access of logged in user.

What is the current bug behavior?

The logged in user can revoke their access, rendering them useless as they can only gain access again by setting the appropriate field in the database manually.

What is the expected correct behavior?

Reviewers should not be able to revoke their own access or should at least be warned if trying to do so

Possible fixes

Add a confirmation dialog upon revokation

OR

Don't let reviewers revoke their own access by doing checks in the backend