Bug #4872: View Invoice: The invoice document is visible to a member who should not have access, as they do not belong to the appropriate group. - Invoice Web - V3 - Redmine

Actions

Copy link

Bug #4872

closed

View Invoice: The invoice document is visible to a member who should not have access, as they do not belong to the appropriate group.

Added by Vengadeshwaran R about 2 months ago. Updated 13 days ago.

Status:

Closed

Priority:

Normal

Assignee:

Vengadeshwaran R

Start date:

06/23/2025

Due date:

% Done:

Estimated time:

Description

Scenario:

Client A is associated with two groups: Group A and Group B
Group A has one member: Member A
Group B has one member: Member B

Steps to Reproduce:

1. Log in to Lauditor using Member A's account.
2. Navigate to the Invoice section and click on the Create tab.
3. Select Client A, complete the required details and click Save.
4. Log out.
5. Log in using Member B's account.
6. Navigate to the Invoice section and click on the View tab.

Expected Result:
The invoice created for Client A should not be visible to Member B, since Member B does not belong to the same group as the creator.

Actual Result:
The invoice is visible to Member B.

Link - https://drive.google.com/file/d/1PrGqJ9GcCCvhntq5cjo8fTgIN-ZFEA5I/view?usp=drive_link

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Lauditor Version 3 Bugs » Lauditor V3 - Web » Invoice Web - V3

Custom queries

Bug #4872

View Invoice: The invoice document is visible to a member who should not have access, as they do not belong to the appropriate group.

Updated by Vengadeshwaran R about 2 months ago

Updated by Boomibalagan Ravichandran 14 days ago

Updated by akhila bs 13 days ago