|
||||||||
|
This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira |
||||||||
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________ Mifos-issues mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/mifos-issues
The problem is:
Some forms are using AdminServiceFacade.retrieveHiddenMandatoryFields to specify which fields are hidden and/or mandatory (like the one to create new loan). retrieveHiddenMandatoryFields() method has @PreAuthorize restriction which requires "Can define hidden/mandatory fields" permission.
This facade method should be accessed without that restriction and DefineMandatoryHiddenFieldsController.getDetails() should be restricted then.