Bug #5041
open
View Invoice: Members Access Client Invoices Without Being Added to Client
Added by Vengadeshwaran R about 1 month ago.
Updated 15 days ago.
Description
Client A belongs to Group A.
No members have been added directly to Client A.
Group A includes Member A and Member B.
Steps to Reproduce:
- Log in using a team member account that has no client access.
- Navigate to the Invoice section.
- Click on the View tab.
Expected Result:
No invoices should be displayed, and access should be restricted.
Actual Result:
Invoices are visible even though the user has no client access.
- Status changed from New to Resolved
- Assignee changed from muskan mathur to Vengadeshwaran R
- Status changed from Resolved to Fixed - Pushed to Staging
- Status changed from Fixed - Pushed to Staging to New
- Assignee changed from Vengadeshwaran R to muskan mathur
Client A belongs to Group A and B.
Member A is a GH of Group A and he is a TM of Group B.
Group A members: TM 1, TM 2 and Member A [as GH]
Group B members: TM 3 and Member A [as TM]
TM 3 is only assigned to Client A.
If TM 3 creates the invoice, Member A [as TM of Group B] should not have access to that invoice, which is created by TM 3. But currently the Action button for the invoice created by TM 3 is enabled for Member A [he is only the team member of Group A].
The invoice is created by TM 3, and it is logically tied to Group B, because TM 3 belongs to that group.
https://drive.google.com/file/d/1IR1m0ApuHViBKB0afHRWfyXGDrqx4hHq/view?usp=drive_link
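The access decision this ticket expects, written as a per-invoice check and run over the scenario from the comment above. This is an added example, not the application's code: all class and function names are hypothetical, the rule that a GH may act on invoices tied to the group they head is an assumption inferred from the ticket, and Client C with invoice 2 is constructed data.

```python
from dataclasses import dataclass

GH, TM = "GH", "TM"  # group head / team member, as abbreviated in the ticket

@dataclass(frozen=True)
class Invoice:
    id: int
    client: str
    group: str  # group of the member who created it (TM 3 -> Group B)

@dataclass
class Directory:
    roles: dict           # group -> {member: role}
    client_members: dict  # client -> members assigned directly to it

def can_access(d, member, inv):
    """Server-side decision for listing an invoice and enabling its actions."""
    # Direct assignment to the client grants access (ticket description).
    if member in d.client_members.get(inv.client, set()):
        return True
    # Assumption: a GH may act on invoices tied to the group they head.
    # The role is looked up in the invoice's own group only, so being GH of
    # Group A gives nothing on a Group B invoice.
    return d.roles.get(inv.group, {}).get(member) == GH

def visible_invoices(d, member, invoices):
    return [i.id for i in invoices if can_access(d, member, i)]

def ticket_scenario():
    """Constructed data mirroring the comment above; Client C is invented."""
    d = Directory(
        roles={
            "Group A": {"TM 1": TM, "TM 2": TM, "Member A": GH},
            "Group B": {"TM 3": TM, "Member A": TM},
        },
        client_members={"Client A": {"TM 3"}, "Client C": {"TM 2"}},
    )
    invoices = [
        Invoice(1, "Client A", "Group B"),  # created by TM 3
        Invoice(2, "Client C", "Group A"),  # created by TM 2 (constructed)
    ]
    return d, invoices

if __name__ == "__main__":
    d, invoices = ticket_scenario()
    for who in ("Member A", "TM 1", "TM 3"):
        print(who, visible_invoices(d, who, invoices))
```

The same `can_access` result should drive both the invoice list and the Action button state, and be re-checked on the endpoint the button calls.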