Closed hawea closed 10 years ago
@hawea check resolved and please shift to an archive issue:
NB: have created minor low security risk whereby a logged in user with some hacking knowledge is now able to gain access to data via the autocomplete and dependant list actions.
This can be resolved and have added a TODO on line 137 of Controller.php
Basically the actions were restricted to users with Read access and since this form was wanting to access the AuthItem table but project manager doesn't really need this in general then access wasn't there.