By using REST Api methods, Loan Officer has access to accounts from different
branches
---------------------------------------------------------------------------------------
Key: MIFOS-5340
URL: http://mifosforge.jira.com/browse/MIFOS-5340
Project: mifos
Issue Type: Bug
Affects Versions: Release 2.2.2
Reporter: Lukasz Chudy
Priority: Critical
Fix For: Release 2.2.3
Loan officer should not have access to accounts from another branches. But by
using REST Api methods, Loan Officer can have access to any account in Mifos.
Repro:
1. Login to test server http://ci.mifos.org:8085/mifos as a standard 'mifos'
user.
2. Select account from branch other than Branch-1, e.g. account with number
000100000000899.
3. Log out and log in as mobile Loan Officer(username: mlo password: m12345).
4. Enter previously selected account number (000100000000899) into search field
and click on Search button.
5. Check that there are no search results.
6. Open REST client and enter the following URL:
http://ci.mifos.org:8085/mifos/account/loan/repay/num-000100000000899.json?amount=10
7. Send request.
Expected result:
It should not be possible to repay Loan account from different branch.
Actual result:
Payment is applied to the Loan account from different Branch.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
http://mifosforge.jira.com/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
Write once. Port to many.
Get the SDK and tools to simplify cross-platform app development. Create
new or port existing apps to sell to consumers worldwide. Explore the
Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join
http://p.sf.net/sfu/intel-appdev
_______________________________________________
Mifos-issues mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mifos-issues
