kutting
commented
8 years ago Cadre.CadreSearch Cadre.InvoicesSearch Cadre.PaymentUpdate Cadre.PerDiemUpdate Event.GetEventPerDiem
Closed kutting closed 8 years ago
kutting
commented
8 years ago Cadre.CadreSearch Cadre.InvoicesSearch Cadre.PaymentUpdate Cadre.PerDiemUpdate Event.GetEventPerDiem
Logged in as a Cadre (Brian Sargent) I was able to modify the Is Paid flag on a PerDiem, just by knowing the URL for the page: http://events-dev.goruck.com/cadre/perdiems/4322/edit Both the UI and the DB should be checking that user is not cadre, particularly when money is involved.