[Mifos-issues] [JIRA Studio] (MIFOS-5209) Loan Officer has access to accounts from different branch by modifying URL address

Mifos Hudson Jira Plugin User (Commented) (JIRA) Wed, 14 Dec 2011 07:52:30 -0800

    [ 
http://mifosforge.jira.com/browse/MIFOS-5209?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=71201#comment-71201
 ]


Mifos Hudson Jira Plugin User commented on MIFOS-5209:
------------------------------------------------------

Integrated in !http://ci.mifos.org/hudson/images/16x16/yellow.png! 
[head-master-secondary 
#565|http://ci.mifos.org/hudson/job/head-master-secondary/565/]
     MIFOS-5209: Added access validation for retrieving loans.
MIFOS-5209: Added access validation for retrieving savings.
Revert "MIFOS-5209: Added access validation for retrieving savings."
Revert "MIFOS-5209: Added access validation for retrieving loans."
MIFOS-5209: Added access validation for retrieving loans, fixed tests.
MIFOS-5209: Added access validation for retrieving savings, fixed tests.
MIFOS-5209: Added access validation for retrieving groups, fixed tests.
MIFOS-5209: Added access validation for retrieving centers, fixed tests.
MIFOS-5209: Fixed retrieving savings.

Jakub Slawinski : 
Files : 
* 
application/src/main/java/org/mifos/accounts/loan/struts/action/LoanAccountAction.java
* 
application/src/main/resources/META-INF/resources/WEB-INF/accounts-struts-config.xml
* 
appdomain/src/main/java/org/mifos/application/servicefacade/LoanAccountServiceFacadeWebTier.java

Jakub Slawinski : 
Files : 
* 
appdomain/src/main/java/org/mifos/application/servicefacade/SavingsServiceFacadeWebTier.java
* 
application/src/main/java/org/mifos/accounts/savings/struts/action/SavingsAction.java
* application/src/main/resources/META-INF/resources/WEB-INF/struts-config.xml

Jakub Slawinski : 
Files : 
* application/src/main/resources/META-INF/resources/WEB-INF/struts-config.xml
* 
application/src/main/java/org/mifos/accounts/savings/struts/action/SavingsAction.java
* 
appdomain/src/main/java/org/mifos/application/servicefacade/SavingsServiceFacadeWebTier.java

Jakub Slawinski : 
Files : 
* 
application/src/main/java/org/mifos/accounts/loan/struts/action/LoanAccountAction.java
* 
application/src/main/resources/META-INF/resources/WEB-INF/accounts-struts-config.xml
* 
appdomain/src/main/java/org/mifos/application/servicefacade/LoanAccountServiceFacadeWebTier.java

Jakub Slawinski : 
Files : 
* 
appdomain/src/main/java/org/mifos/application/servicefacade/LoanAccountServiceFacadeWebTier.java
* 
application/src/test/java/org/mifos/accounts/loan/struts/action/LoanAccountActionStrutsTest.java
* 
application/src/test/java/org/mifos/accounts/struts/action/NotesActionStrutsTest.java
* 
application/src/main/java/org/mifos/accounts/loan/struts/action/LoanAccountAction.java
* 
application/src/main/resources/META-INF/resources/WEB-INF/accounts-struts-config.xml

Jakub Slawinski : 
Files : 
* application/src/main/resources/META-INF/resources/WEB-INF/struts-config.xml
* 
application/src/test/java/org/mifos/accounts/savings/struts/action/SavingsActionStrutsTest.java
* 
application/src/main/java/org/mifos/accounts/savings/struts/action/SavingsAction.java
* 
appdomain/src/main/java/org/mifos/application/servicefacade/SavingsServiceFacadeWebTier.java
* 
application/src/test/java/org/mifos/accounts/struts/action/NotesActionStrutsTest.java

Jakub Slawinski : 
Files : 
* 
application/src/main/java/org/mifos/customers/group/struts/action/GroupCustAction.java
* 
application/src/test/java/org/mifos/customers/struts/action/CustomerNotesActionStrutsTest.java
* application/src/main/resources/META-INF/resources/WEB-INF/struts-config.xml
* 
appdomain/src/main/java/org/mifos/application/servicefacade/GroupServiceFacadeWebTier.java

Jakub Slawinski : 
Files : 
* 
application/src/test/java/org/mifos/application/meeting/struts/action/MeetingActionStrutsTest.java
* 
appdomain/src/main/java/org/mifos/application/servicefacade/CenterServiceFacadeWebTier.java
* 
application/src/test/java/org/mifos/customers/center/struts/action/CenterActionStrutsTest.java
* application/src/main/resources/META-INF/resources/WEB-INF/struts-config.xml
* 
application/src/test/java/org/mifos/customers/struts/action/CustomerNotesActionStrutsTest.java
* 
application/src/main/java/org/mifos/customers/center/struts/action/CenterCustAction.java

Jakub Slawinski : 
Files : 
* 
application/src/main/java/org/mifos/accounts/savings/struts/action/SavingsAction.java

                
> Loan Officer has access to accounts from different branch by modifying URL 
> address
> ----------------------------------------------------------------------------------
>
>                 Key: MIFOS-5209
>                 URL: http://mifosforge.jira.com/browse/MIFOS-5209
>             Project: mifos
>          Issue Type: Bug
>    Affects Versions: Release 2.2.2
>            Reporter: Lukasz Chudy
>            Assignee: Jakub Sławiński
>            Priority: Critical
>             Fix For: Release 2.2.3
>
>
> Loan officer should have access to accounts only around the Branch to which 
> he is attached. But by modifying Mifos URL address, Loan Officer can have 
> access to any account in Mifos.
> Repro:
> 1. Login to test server http://ci.mifos.org:8085/mifos as standard 'mifos' 
> user.
> 2. Select account from branch other than Branch-1, e.g. account with number 
> 000100000000257.
> 3. Log out and log in as mobile Loan Officer(username: mlo  password: m12345).
> 4. Enter previously selected account number (000100000000257) into search 
> field and click on Search button.
> 5. Check that there are no search results.
> 6. In URL enter this address: 
> http://ci.mifos.org:8085/mifos/savingsAction.do?globalAccountNum=000100000000257&method=get&recordOfficeId=9&recordLoanOfficerId=84&randomNUm=-3032146375179966014
> Expected result:
> After entering URL address with account number related to other branch, 
> validation message should appear saying that you don't have sufficient 
> permissions to perform that activity.
> Actual result:
> After entering URL address with account number related to other branch, it is 
> possible to view account details, switch to client, group and center details. 
>   

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
http://mifosforge.jira.com/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

       

------------------------------------------------------------------------------
Cloud Computing - Latest Buzzword or a Glimpse of the Future?
This paper surveys cloud computing today: What are the benefits? 
Why are businesses embracing it? What are its payoffs and pitfalls?
http://www.accelacomm.com/jaw/sdnl/114/51425149/
_______________________________________________
Mifos-issues mailing list
Mifos-issues@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mifos-issues

[Mifos-issues] [JIRA Studio] (MIFOS-5209) Loan Officer has access to accounts from different branch by modifying URL address

Reply via email to