[
http://mifosforge.jira.com/browse/MIFOS-5340?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=71456#comment-71456
]
Mifos Hudson Jira Plugin User commented on MIFOS-5340:
------------------------------------------------------
Integrated in !http://ci.mifos.org/hudson/images/16x16/yellow.png!
[head-g-release-secondary
#309|http://ci.mifos.org/hudson/job/head-g-release-secondary/309/]
MIFOS-5340: permission check for loans
MIFOS-5340: permission check for savings
MIFOS-5340: fixed tests
Michal Dudzinski :
Files :
*
application/src/main/java/org/mifos/framework/servlet/UncaughtExceptionHandler.java
*
rest/src/main/java/org/mifos/platform/rest/controller/LoanAccountRESTController.java
* appdomain/src/main/java/org/mifos/accounts/api/StandardAccountService.java
*
appdomain/src/main/java/org/mifos/accounts/servicefacade/WebTierAccountServiceFacade.java
*
appdomain/src/main/java/org/mifos/application/servicefacade/LoanAccountServiceFacadeWebTier.java
Michal Dudzinski :
Files :
*
appdomain/src/main/java/org/mifos/application/servicefacade/SavingsServiceFacadeWebTier.java
Michal Dudzinski :
Files :
*
application/src/test/java/org/mifos/application/servicefacade/LoanAccountServiceFacadeWebTierTest.java
*
application/src/test/java/org/mifos/accounts/api/StandardAccountServiceIntegrationTest.java
*
application/src/test/java/org/mifos/accounts/struts/action/ApplyChargeActionStrutsTest.java
*
application/src/test/java/org/mifos/accounts/loan/struts/action/LoanAccountActionStrutsTest.java
*
application/src/test/java/org/mifos/accounts/loan/struts/action/RepayLoanActionStrutsTest.java
*
application/src/test/java/org/mifos/accounts/savings/persistence/SavingsAccountAdjustmentAndInterestCalculationServiceFacadeIntegrationTest.java
> By using REST Api methods, Loan Officer has access to accounts from different
> branches
> ---------------------------------------------------------------------------------------
>
> Key: MIFOS-5340
> URL: http://mifosforge.jira.com/browse/MIFOS-5340
> Project: mifos
> Issue Type: Bug
> Affects Versions: Release 2.2.2
> Reporter: Lukasz Chudy
> Assignee: Michał Dudziński
> Priority: Critical
> Fix For: Release 2.2.3
>
>
> Loan officer should not have access to accounts from another branches. But by
> using REST Api methods, Loan Officer can have access to any account in Mifos.
> Repro:
> 1. Login to test server http://ci.mifos.org:8085/mifos as a standard 'mifos'
> user.
> 2. Select account from branch other than Branch-1, e.g. account with number
> 000100000000899.
> 3. Log out and log in as mobile Loan Officer(username: mlo password: m12345).
> 4. Enter previously selected account number (000100000000899) into search
> field and click on Search button.
> 5. Check that there are no search results.
> 6. Open REST client and enter the following URL:
> http://ci.mifos.org:8085/mifos/account/loan/repay/num-000100000000899.json?amount=10
> 7. Send request.
> Expected result:
> It should not be possible to repay Loan account from different branch.
> Actual result:
> Payment is applied to the Loan account from different Branch.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
http://mifosforge.jira.com/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
infrastructure or vast IT resources to deliver seamless, secure access to
virtual desktops. With this all-in-one solution, easily deploy virtual
desktops for less than the cost of PCs and save 60% on VDI infrastructure
costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
_______________________________________________
Mifos-issues mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mifos-issues
