[Mifos-issues] [JIRA Studio] (MIFOS-5340) By using REST Api methods, Loan Officer has access to accounts from different branches

Tue, 27 Dec 2011 03:11:29 -0800 

     [ 
http://mifosforge.jira.com/browse/MIFOS-5340?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michał Dudziński reassigned MIFOS-5340:
---------------------------------------

    Assignee: Michał Dudziński
    
> By using REST Api methods, Loan Officer has access to accounts from different 
> branches 
> ---------------------------------------------------------------------------------------
>
>                 Key: MIFOS-5340
>                 URL: http://mifosforge.jira.com/browse/MIFOS-5340
>             Project: mifos
>          Issue Type: Bug
>    Affects Versions: Release 2.2.2
>            Reporter: Lukasz Chudy
>            Assignee: Michał Dudziński
>            Priority: Critical
>             Fix For: Release 2.2.3
>
>
> Loan officer should not have access to accounts from another branches. But by 
> using REST Api methods, Loan Officer can have access to any account in Mifos.
> Repro:
> 1. Login to test server http://ci.mifos.org:8085/mifos as a standard 'mifos' 
> user.
> 2. Select account from branch other than Branch-1, e.g. account with number 
> 000100000000899.
> 3. Log out and log in as mobile Loan Officer(username: mlo password: m12345).
> 4. Enter previously selected account number (000100000000899) into search 
> field and click on Search button.
> 5. Check that there are no search results.
> 6. Open REST client and enter the following URL: 
> http://ci.mifos.org:8085/mifos/account/loan/repay/num-000100000000899.json?amount=10
> 7. Send request.
> Expected result:
> It should not be possible to repay Loan account from different branch.
> Actual result:
> Payment is applied to the Loan account from different Branch.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
http://mifosforge.jira.com/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

       

------------------------------------------------------------------------------
Write once. Port to many.
Get the SDK and tools to simplify cross-platform app development. Create 
new or port existing apps to sell to consumers worldwide. Explore the 
Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join
http://p.sf.net/sfu/intel-appdev
_______________________________________________
Mifos-issues mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mifos-issues

Reply via email to