#145 Why Document templates can be deleted by sender?

V.2.11.2
open
nobody
8
6 days ago
2010-02-23
fashion_Jack
No

The system seems too danger.
I think it should be deleted by admin only...
Thanks a lot,
Jack

Discussion

  • fashion_Jack
    fashion_Jack
    2010-02-23

     
    Attachments
  • fashion_Jack
    fashion_Jack
    2010-02-23

    • priority: 5 --> 8
     
  • fashion_Jack
    fashion_Jack
    2010-02-23

    Jack add,
    admin centro control all document templates for whole company.
    it should not be deleted by others.

     
  • cddk
    cddk
    2012-01-16

    To solve this issue, I modify the Pages\menu.php and replace the accesslevel. seems that
    ($_SESSION["SESSION_CUTEFLOW_ACCESSLEVEL"] == 2) : Admin
    ($_SESSION["SESSION_CUTEFLOW_ACCESSLEVEL"] == 8) : Sender
    ($_SESSION["SESSION_CUTEFLOW_ACCESSLEVEL"] == 1) : Reader

    Putting "2" on textfield (line275) / template_type (line299) / maillist (line323) / statistic (line349) allow the access only for Admin.

    Cddk

     
  • Uncle Helmut
    Uncle Helmut
    2012-08-22

    Another simple workaround is to change showcirculation.php as per exaple:

    function deleteCirculation(nCirculationId, nStart)
    {
    add test = '<?php $_SESSION["SESSION_CUTEFLOW_ACCESSLEVEL"] ?>';
    add if (test != 2) {
    add alert ("This action can only be performed by Administrator");
    add return;
    add }