![]() |
|
|
|
|
Issue Type:
|
![Bug]() Bug
|
|
Affects Versions:
|
2.5.0, 2.6.0 |
|
Assignee:
|
Unassigned
|
|
Components:
|
Groups, Roles and Permission |
|
Created:
|
30/Apr/13 1:28 AM
|
|
Description:
|
Employees with "Can edit group membership" can move clients between offices without the need for the "Can edit office membership" rule
Repro:
1-remove the "Can edit office membership" from the users permission
2-search for a client
3-click on edit branch membership
4-permission works
5-workaround is to add group membership
6-enter a group name in another office
7-join group
you can find that the client has been moved to the other office without the need for the permission to do that
Expected result:
employees with no permission to edit office membership, should not be able to change the office_id for any client even by using the edit group membership
|
|
Environment:
|
LSIM
GLIM
Centers Off
|
|
Project:
|
mifos
|
|
Priority:
|
![Critical]() Critical
|
|
Reporter:
|
George Lteif
|
|
|
|
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________
Mifos-issues mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mifos-issues
