[ 
http://mifosforge.jira.com/browse/MIFOS-5340?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Lukasz Chudy updated MIFOS-5340:
--------------------------------

    Status: Ready for Showcase  (was: Ready for Testing / Resolved)

Verified on 04.01.2012
Almost all REST methods are fixed and prevent LO from accessing accounts from 
different branches. But there are some methods which still allow LO to have 
unauthorized access. A new issue has been created for those methods: MIFOS-5355
                
> By using REST Api methods, Loan Officer has access to accounts from different 
> branches 
> ---------------------------------------------------------------------------------------
>
>                 Key: MIFOS-5340
>                 URL: http://mifosforge.jira.com/browse/MIFOS-5340
>             Project: mifos
>          Issue Type: Bug
>    Affects Versions: Release 2.2.2
>            Reporter: Lukasz Chudy
>            Assignee: Michał Dudziński
>            Priority: Critical
>             Fix For: Release 2.2.3
>
>
> Loan officer should not have access to accounts from other branches. But by 
> using REST API methods, Loan Officer can have access to any account in Mifos.
> Repro:
> 1. Login to test server http://ci.mifos.org:8085/mifos as a standard 'mifos' 
> user.
> 2. Select account from branch other than Branch-1, e.g. account with number 
> 000100000000899.
> 3. Log out and log in as mobile Loan Officer (username: mlo password: m12345).
> 4. Enter previously selected account number (000100000000899) into search 
> field and click on Search button.
> 5. Check that there are no search results.
> 6. Open REST client and enter the following URL: 
> http://ci.mifos.org:8085/mifos/account/loan/repay/num-000100000000899.json?amount=10
> 7. Send request.
> Expected result:
> It should not be possible to repay Loan account from different branch.
> Actual result:
> Payment is applied to the Loan account from different Branch.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
http://mifosforge.jira.com/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
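
An added example, not part of the original message and not Mifos code: a minimal Python model of the control this issue calls for, with the branch check placed in the single account lookup that both the search screen and the REST repay handler go through. All class and function names, the `Branch-2` label, the balances, and the assumption that `mlo` is assigned to Branch-1 are illustrative; the account number and user names come from the report.

```python
from dataclasses import dataclass

class Forbidden(Exception):
    """Caller's branch scope does not cover the requested account."""

@dataclass
class User:
    name: str
    branch: str
    all_branches: bool = False  # assumption: admin-style users see every branch

@dataclass
class LoanAccount:
    number: str
    branch: str
    outstanding: int

# Constructed sample data (branch labels and balances are assumptions).
ACCOUNTS = {
    "000100000000899": LoanAccount("000100000000899", "Branch-2", 100),
    "000100000000001": LoanAccount("000100000000001", "Branch-1", 100),
}
MIFOS = User("mifos", "Head Office", all_branches=True)
MLO = User("mlo", "Branch-1")

def load_for(user: User, number: str) -> LoanAccount:
    """Single lookup used by every entry point; enforces branch scope."""
    account = ACCOUNTS.get(number)
    if account is None or not (user.all_branches or user.branch == account.branch):
        # Same error for "missing" and "out of scope", so account numbers
        # from other branches cannot be confirmed by probing.
        raise Forbidden(number)
    return account

def search(user: User, number: str) -> list:
    """UI search path: out-of-scope accounts produce no results."""
    try:
        return [load_for(user, number)]
    except Forbidden:
        return []

def rest_repay(user: User, number: str, amount: int) -> int:
    """REST path (.../account/loan/repay/num-<number>.json?amount=N)."""
    if amount <= 0:
        raise ValueError("amount must be positive")
    account = load_for(user, number)  # branch check applies here, not only in search
    account.outstanding -= amount
    return account.outstanding
```

Because the check sits in the lookup rather than in each handler, a newly added REST method inherits it by default, which is the failure mode the verification comment describes for the remaining methods.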

       
