[
http://mifosforge.jira.com/browse/MIFOS-3368?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=59502#action_59502
]
Mifos Hudson Jira Plugin User commented on MIFOS-3368:
------------------------------------------------------
Integrated in !http://ci.mifos.org/hudson/images/16x16/blue.gif! [head-master
#1777|http://ci.mifos.org/hudson/job/head-master/1777/]
FIXED MIFOS-3368: remove permission around view ogranisation settings
Keith Woodlock :
[770e3d54e1ec2214224336a9ff043bd4d8667d3e|http://mifos.git.sourceforge.net/git/gitweb.cgi?p=mifos/head&a=commit&h=770e3d54e1ec2214224336a9ff043bd4d8667d3e]
Files :
*
serviceInterfaces/src/main/java/org/mifos/application/admin/servicefacade/ViewOrganizationSettingsServiceFacade.java
*
application/src/main/java/org/mifos/security/rolesandpermission/struts/tag/ActivityTag.java
*
application/src/main/java/org/mifos/security/rolesandpermission/util/helpers/RoleTempleteBuilder.java
*
userInterface/src/main/java/org/mifos/ui/core/controller/ViewOrganizationSettingsController.java
> Security: Fine Grained Permission for Viewing Organization Settings Is not
> used
> -------------------------------------------------------------------------------
>
> Key: MIFOS-3368
> URL: http://mifosforge.jira.com/browse/MIFOS-3368
> Project: mifos
> Issue Type: Bug
> Components: Authentication
> Affects Versions: Release 1.5.1, Release 1.6.0, Release E - Iteration 2,
> Release E - Iteration 3
> Reporter: keithwoodlock
> Assignee: mifosqa
> Fix For: Release E - Iteration 4, Release E
>
> Original Estimate: 1 day
> Remaining Estimate: 1 day
>
> When creating dynamic roles in mifos, a user can select a from list of fine
> grained permissions.
> currently its is possible to select 'Can view organization settings' from
> 'Configuration Management' section however when moving off struts to spring
> mvc, it was noticed that the ViewOrganizationSettingsAction was checking that
> user had permission for SecurityConstants.CAN_VIEW_SYSTEM_INFO and
> CAN_VIEW_ORGANIZATION_SETTINGS.
> So either that is a bug and we do care about having fine grained permissions
> different for SYSTEM_INFO and ORGANIZATION_SETTINGS; If not having the
> possibility should be removed from the UI screen.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://mifosforge.jira.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
This SF.net email is sponsored by
Make an app they can't live without
Enter the BlackBerry Developer Challenge
http://p.sf.net/sfu/RIM-dev2dev
_______________________________________________
Mifos-issues mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mifos-issues
