CuteFlow

8 Why Document templates can be deleted by sender? - ID: 2957233

Last Update: Comment added ( uncle_helmut )

Details:

The system seems too danger.
I think it should be deleted by admin only...
Thanks a lot,
Jack

Submitted:

fashion_Jack ( jackwan ) - 2010-02-23 06:26:46 PST

Priority:

Status:

Open

Resolution:

None

Assigned:

Nobody/Anonymous

Category:

Managing interface

Group:

V.2.11.2

Visibility:

Public

Date: 2012-08-21 23:42:19 PDT Sender: uncle_helmut Another simple workaround is to change showcirculation.php as per exaple: function deleteCirculation(nCirculationId, nStart) { add test = '<?php $_SESSION["SESSION_CUTEFLOW_ACCESSLEVEL"] ?>'; add if (test != 2) { add alert ("This action can only be performed by Administrator"); add return; add }
Date: 2012-01-16 02:11:23 PST Sender: cddk To solve this issue, I modify the Pages\menu.php and replace the accesslevel. seems that ($_SESSION["SESSION_CUTEFLOW_ACCESSLEVEL"] == 2) : Admin ($_SESSION["SESSION_CUTEFLOW_ACCESSLEVEL"] == 8) : Sender ($_SESSION["SESSION_CUTEFLOW_ACCESSLEVEL"] == 1) : Reader Putting "2" on textfield (line275) / template_type (line299) / maillist (line323) / statistic (line349) allow the access only for Admin. Cddk
Date: 2010-02-23 06:36:08 PST Sender: jackwan Jack add, admin centro control all document templates for whole company. it should not be deleted by others.

Filename	Description	Download
sender_rights.PNG		Download

Field	Old Value	Date	By
priority	5	2010-02-23 06:27:46 PST	jackwan
File Added	364071: sender_rights.PNG	2010-02-23 06:26:46 PST	jackwan