Org unit tree search not respecting access control

Bug #1227063 reported by Lars Helge Øverland on 2013-09-18
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
DHIS
High
Morten Olav Hansen

Bug Description

When doing a search in the org unit web tree, e.g. in data entry or org unit module, you can search and open org units which are outside the sub-tree(s) of the current user. This should not be permitted.

Changed in dhis2:
milestone: none → 2.13
importance: Undecided → High
assignee: nobody → Morten Olav Hansen (mortenoh)
Morten Olav Hansen (mortenoh) wrote :

Fixed and backported to 2.13. It will now filter with user.OUs + children. Probably a bit slower, but should yield correct results.

Changed in dhis2:
status: New → Fix Committed
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers