[
http://mifosforge.jira.com/browse/MIFOS-1951?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=57798#action_57798
]
johnwoodlock commented on MIFOS-1951:
-------------------------------------
as aliyaw said above:
"To add more detail to this, the general issues is as follows. If you create a
new system user without assigning them a specific role, they are able to perform
any actions for which there aren't explicit permissions settings on the 'roles
and permissions' page. So, since there isn't a permissions setting for
holidays, a user without a role assigned can define holidays. Similarly, a user
without a role can also configure PPI, etc."
I'm in progress of resolving this for 'defining new holidays' which was the
first example of this.
The other examples I can find are:
Configure PPI Settings
Define new survey
Define questions
Could also create a client following the "Click here to continue if Group
membership is not required for your Client." path until the final submit for
approval.
Can click into 'Create new Group'
Can click into 'Open new Loan Account'
Can click into 'Open new Savings Account'
Decided to commit the holiday one but wait to see if some or all of these
others need to be fixed on account of the 1st three are connected with ppi
which may be being redone and the last 3 are annoying but do stop the user from
doing anything. Happy to do them of course.
> Loan officer with no specific role allowed activites with no permissions set
> ----------------------------------------------------------------------------
>
> Key: MIFOS-1951
> URL: http://mifosforge.jira.com/browse/MIFOS-1951
> Project: mifos
> Issue Type: Bug
> Components: Roles and Permission
> Affects Versions: Release 1.1
> Environment: Platform: All, OS: All
> Reporter: chandi_datta
> Assignee: johnwoodlock
> Priority: Critical
> Fix For: Shamim D
>
> Attachments: Error_role.html
>
>
> Issue repro steps:
> 1. Login to Mifos with proper privileges.
> 2. Click "Define new system user" link to create one loan officer without
> any
> role.
> 3. Logoff mifos and login again with newly created loan officer user id.
> 4. Click "admin" tab.
> 5. Click on "Define new holidays" link to create new holiday.
> Expected result: Loan officer without any role should not allow defining new
> holiday.
> Actual result: Loan officer without any role able to define new holiday.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://mifosforge.jira.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
_______________________________________________
Mifos-issues mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mifos-issues
