Security: Fine Grained Permission for Viewing Organization Settings Is not used
-------------------------------------------------------------------------------
Key: MIFOS-3368
URL: http://mifosforge.jira.com/browse/MIFOS-3368
Project: mifos
Issue Type: Bug
Components: Authentication
Affects Versions: Release 1.5.1, Shamim D, Release E - Iteration 2, Release
E - Iteration 3
Reporter: keithwoodlock
Fix For: Release E - Iteration 2, Release E - Iteration 3
When creating dynamic roles in mifos, a user can select a from list of fine
grained permissions.
currently its is possible to select 'Can view organization settings' from
'Configuration Management' section however when moving off struts to spring
mvc, it was noticed that the ViewOrganizationSettingsAction was checking that
user had permission for SecurityConstants.CAN_VIEW_SYSTEM_INFO and
CAN_VIEW_ORGANIZATION_SETTINGS.
So either that is a bug and we do care about having fine grained permissions
different for SYSTEM_INFO and ORGANIZATION_SETTINGS; If not having the
possibility should be removed from the UI screen.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://mifosforge.jira.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
Mifos-issues mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mifos-issues
