No announcement yet.

[SOLVED] possible Bug in Security Module

This topic is closed.
  • Filter
  • Time
  • Show
Clear All
new posts

  • [SOLVED] possible Bug in Security Module

    I'm working with version 7.00.0015
    I have added security module to my project, group mode setup.
    The users and groups have been set. Then users have been assigned to groups. Finally grants for applications/groups have been set.
    My project has a menu which includes the security sub-menu (automatically set by scriptcase).

    When I run the application, and I login as a user who has no grants for some applications (like security applications for example) :
    - the user has access to the security sub-menu viewing all its items
    - the user can select any of its items and the corresponding application is launched, despite the user has no permission nor access
    - the unique difference with a user which has permissions is that has no access to update-insert-delete button to change data, but can view all the records

    I have added a user without been assigned to a group, login with that user and the result is the same as describe above: the user has access to all applications in the project, but no update-delete-insert buttons to change data in each application.

    I expect that a user belongs to a group which has explicit dennegation for a insert/access/update/delete operation (through out the application/group app) neither can access nor realize information changes in that application....

    Furthermore, I expect that a user doesn't belong to any group, can't access any application.

    Is a bug ?

    Another minor bug I have found is when a user access the form linked to the login application for a new user creation. This form adds a user to the database with no data in the "Active" field of the corresponding table in the DB. However, when I login as admin privileges user, and enter the application for this user update, the radio button which represents the Activ field of the table in the DB shows Activ status !!!

  • #2
    If you are talking about pre deployed then make sure you have security and passwords checked in the myscriptcase setting
    By the way if you need to add users to multiple groups
    You will want the fix I created to fix the issue



    • #3
      [SOLVED] possible Bug in Security Module

      Thank you Kevin. I'm new in scriptcase and didn't know that checking the security setting in myscriptcase was a requirement if one wants to use pre deployed security module. Thank you very much !

      However, the problem I described about "create user" form from login appl persists. Any way, for me this thread is SOLVED.



      • #4
        Well think about it

        By allowing someone to add themselves automatically to a system
        Don't you want to determine what they can do?
        So leaving them inactive would be prudent thing to do

        This is what I think they were thinking about when they coded it
        Glad I could help