View Full Version : reports and permissions-a back door?
21-06-04, 12:55 AM
I have created a user with read only access on one project only. When I log in as that user, I am able to see that one project, so that works fine.
However, when that user looks at the reports for that project, they are able to checkmark all projects and then able to access other projects for which they should be denied.
How can I prevent this from occuring? Are my permissions incorrect or is this a bug? Is there a work around available?
25-06-04, 11:57 AM
I have disabled the "reports" link on the projects page. This is not ideal but prevents a client from accessing projects that should be denied. This was done by editing modules/projects/view.php. and changing the text of $titleBlock->addCrumb( "?m=projects&a=reports&project_id=$project_id", "reports" );
remove reports but leave the ""
if anyone has any ideas how to enable this for admin but not for clients, please let me know
12-09-08, 04:00 PM
Has this issue been resolved? Obviously deleting the reports link will prevent users form different companies/projects to see other companies/projects. However, this also prevents admins from generating reports.
Does anybody care to comment on how to restrict users form viewing ONLY the reports that corresponds to their companies and/or projects?
09-12-12, 03:59 AM
Hello, people ! My first post here !
I am enjoying this software, it is really nice. I think I "solved" this, maybe it helps for you. Following what I did for the role:
- Non-Admin Modules: allow view and deny other itens;
- Projects: deny everything;
- Projects again: allow view for the project I wanted.
And thats it. The "project report" link is still there, but when the user clicks in "all", it is showed the message "access denied". For the project related to the user, it works (at least for me).
It worked for me. Please let me know if worked for you as well !
vBulletin® v3.6.4, Copyright ©2000-2013, Jelsoft Enterprises Ltd.