Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0041038
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Retail Modules] Web POSminoralways2019-06-06 00:322019-06-06 00:32
ReporterlbressanView Statuspublic 
Assigned ToRetail 
PrioritynormalResolutionopenFixed in Version
StatusnewFix in branchFixed in SCM revision
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionmainSCM revision 
Review Assigned To
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0041038: User is selectable on Web POS login screen even when they don't have access to terminal

DescriptionA user that does not have access to a POS Terminal appears in the login screen, and can login.
This issue is present in 18Q1.3 but it may be present in earlier versions. It is also present in 19Q2 which seems that its still present in the versions in between
Steps To Reproduce1. Create a role that has access to Web POS (manual, with access to web pos form and any store organization).
2. Create a user
3. Assign that role to the user.
4. Ensure that the user does not have any terminal in tab POS Terminal Access.
5. Access a terminal URL (ideally of the same org assigned to the role, but it may happen on any store).
6. Observe that the user list shows this user and even you can use that user to login.
Proposed SolutionThe query in LoginUtilsServlet.java seems to check for this, but somehow the user is still considered in the results. Check what is wrong with the query.
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]

-  Notes
There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
2019-06-06 00:32 lbressan New Issue
2019-06-06 00:32 lbressan Assigned To => Retail
2019-06-06 00:32 lbressan Triggers an Emergency Pack => No


Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker