immidb / idb

A Web Application Database for Immigration Law Practitioners
https://immidb.net
1 stars 0 forks source link

client refId field is editable by BAS role #313

Open tonybranfort opened 3 years ago

tonybranfort commented 3 years ago

The refId should not be editable by BAS role by default. But even when edit access is restricted to SYS, OAM and ADM the field is still editable.

image

tonybranfort commented 3 years ago

Discovered when user (BAS) accidentally deleted refId which caused errors on the client & could not return to the client. Manually fixed the client in the database:

db.clients.updateOne({_id: ObjectId("5a26ec5d59836000011ef909")}, {$set: {"refId":"morammu1217"}})