#145 Why Document templates can be deleted by sender?

V.2.11.2
open
nobody
8
2014-08-23
2010-02-23
No

The system seems too danger.
I think it should be deleted by admin only...
Thanks a lot,
Jack

Discussion

  • fashion_Jack

    fashion_Jack - 2010-02-23
     
    Attachments
  • fashion_Jack

    fashion_Jack - 2010-02-23
    • priority: 5 --> 8
     
  • fashion_Jack

    fashion_Jack - 2010-02-23

    Jack add,
    admin centro control all document templates for whole company.
    it should not be deleted by others.

     
  • cddk

    cddk - 2012-01-16

    To solve this issue, I modify the Pages\menu.php and replace the accesslevel. seems that
    ($_SESSION["SESSION_CUTEFLOW_ACCESSLEVEL"] == 2) : Admin
    ($_SESSION["SESSION_CUTEFLOW_ACCESSLEVEL"] == 8) : Sender
    ($_SESSION["SESSION_CUTEFLOW_ACCESSLEVEL"] == 1) : Reader

    Putting "2" on textfield (line275) / template_type (line299) / maillist (line323) / statistic (line349) allow the access only for Admin.

    Cddk

     
  • Uncle Helmut

    Uncle Helmut - 2012-08-22

    Another simple workaround is to change showcirculation.php as per exaple:

    function deleteCirculation(nCirculationId, nStart)
    {
    add test = '<?php $_SESSION["SESSION_CUTEFLOW_ACCESSLEVEL"] ?>';
    add if (test != 2) {
    add alert ("This action can only be performed by Administrator");
    add return;
    add }

     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks