Open Adnan-shariff opened 2 weeks ago
Describe the bug
Team Lead and Moderator accounts can access Admin-only modules by directly entering specific URLs, allowing them to bypass access restrictions.
Moderator: http://13.127.150.18/appid-to-specific-user, http://13.127.150.18/create-user
Team Lead: http://13.127.150.18/appid-to-specific-user, http://13.127.150.18/reassign-app-user, http://13.127.150.18/grade-scales, http://13.127.150.18/create-user
Steps to reproduce
Expected Behavior
Only Admin accounts should access these URLs.
Actual Behavior
The Moderator account accesses two modules, while the Team Lead account accesses multiple Admin-only modules.
Screenshots
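A server-side, deny-by-default role check for the four paths named in this report, with a regression audit that compares the reported behaviour against it. This is an added example, not part of the original issue or the project's code; the route table, the `/dashboard` route, the role identifiers and all function names are assumptions.

```python
import posixpath
from urllib.parse import unquote

# Paths and role labels come from the report; everything else is constructed.
ADMIN_ONLY = {"/appid-to-specific-user", "/reassign-app-user",
              "/grade-scales", "/create-user"}
ROLES = ("admin", "team_lead", "moderator")

# Hypothetical server-side route table: a route absent from it is denied.
ROUTE_ROLES = {path: {"admin"} for path in ADMIN_ONLY}
ROUTE_ROLES["/dashboard"] = set(ROLES)  # constructed non-admin route

# Access as observed in the report, used as the "before" behaviour.
REPORTED = {
    "moderator": {"/appid-to-specific-user", "/create-user"},
    "team_lead": set(ADMIN_ONLY),
}

def canonical_path(target):
    """Reduce a request target to one form so variants hit the same rule."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0]) or "/"
    return "/" + posixpath.normpath(path).strip("/").lower()

def is_allowed(role, target):
    """Deny by default: the role must be listed for the canonical path."""
    return role in ROUTE_ROLES.get(canonical_path(target), set())

def reported_behaviour(role, target):
    """Models the report: admin passes, others pass where it was observed."""
    return role == "admin" or canonical_path(target) in REPORTED.get(role, set())

def exposures(check):
    """List (role, path) pairs where a non-admin reaches an admin-only path."""
    return sorted((role, path) for role in ROLES if role != "admin"
                  for path in ADMIN_ONLY if check(role, path))

if __name__ == "__main__":
    print("before:", exposures(reported_behaviour))
    print("after: ", exposures(is_allowed))
```

Running `exposures` against the application's real authorization function in CI turns this report into a regression test that fails whenever a non-admin role regains one of these routes.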