Plan Collaborators With "Read only" Permissions Are Still Able to Add Contributors to a Plan

[aaronskiba]

Please complete the following fields as applicable:

What version of the DMPRoadmap code are you running? (e.g. v2.2.0)
v4.2.0

Expected behaviour:

• I'm not 100% sure. However, I'd assume that collaborators with "read only" access on a plan shouldn't be able to modify it in any way.

Actual behaviour:

• Plan collaborators with "read only" can successfully add a contributor to a plan.
  Steps to reproduce:

• 1. Add a collaborator and give them "read only" access

• 

• 2. Sign into the app as the added "read only" user and navigate to the corresponding plan

• 

• 3. Try adding a contributor to the plan

• 

• 

[aaronskiba]

@martaribeiro is this in fact unwanted behaviour?

[johnpinto1]

@aaronskiba This looks like a bug.

[martaribeiro]

I think it was @briri who added this feature to Roadmap. Maybe he had a reason to allow a "read only" user to add a contributor to a plan.
I asked Diana and Magdalena to see if there was a reason for this. We are not sure either. To me looks like a bug as John said.

[briri]

Yes, sounds like a bug. I can't think of a scenario where a read-only account would need to add contributors