Opened 7 years ago

Closed 7 years ago

#1849 closed defect (fixed)

ACL problem in o.o.expenses edit view

Reported by: flack Owned by: flack
Priority: major Milestone: 8.09.9 Ragnaroek
Component: OpenPSA Version: 8.09 Ragnaroek
Keywords: Cc:

Description

For some reason, midgard:read privileges for the navigation tree are not correctly checked in the edit hour report handler. When you click on entries that you shouldn't be able to see, you'll get the access denied screen, so it's somehow specific to this handler.

Change History (2)

comment:1 Changed 7 years ago by flack

The same seems to happen in o.o.documents

comment:2 Changed 7 years ago by flack

  • Resolution set to fixed
  • Status changed from new to closed

(In [26284]) Make sure sudo is dropped before returning, otherwise privileges will be ignored for the rest of the request, fixes #1849

Note: See TracTickets for help on using tickets.