Currently it is possible to use the application without actually logging in
Also in the refunds for example it is possible to log a refund with a different "Feeder"
Neither of these sound like a good practice, unless it is a pressing requirement.
Shouldn't we be using atleast a before filter, and disabling the arbitrary "Feeder"
and may be later move to a plug-in solution for authentication?
yeah i agree, a login only should allow the user to feed and make any changes, also the login user name should automatically become the feeder name - asif
Currently it is possible to use the application without actually logging in Also in the refunds for example it is possible to log a refund with a different "Feeder" Neither of these sound like a good practice, unless it is a pressing requirement.
Shouldn't we be using atleast a before filter, and disabling the arbitrary "Feeder" and may be later move to a plug-in solution for authentication?