search

brustj / tracmor

Automatically exported from code.google.com/p/tracmor
GNU General Public License v2.0
0 stars 0 forks source link

User authorization not enforced in shipping (deleting transactions) #36

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1. Create User Role with the following authorizations:
Assets Enabled: View, Edit, Delete=ALL
Contacts Enabled: View, Edit, Delete=ALL
Shipping Enabled: View=ALL, Edit=None, Delete=None
2. Once user role is created with above authorization, Create a new user
3. With new User ID, from the Shipping module, choose a pending shipment
4. In shipment record, select Delete button

What is the expected output? What do you see instead?
User is able to delete pending shipment, even when authorization to do so
is disabled.

Please use labels and text to provide additional information.

Original issue reported on code.google.com by lyndi...@gmail.com on 2 May 2007 at 8:04

GoogleCodeExporter commented 8 years ago 
This has been fixed.

Original comment by hunterje...@gmail.com on 8 May 2007 at 7:13