webERP Forum

user with minimal permissions unable to logout SOLVED
Hi all, I created an "auditor" user and took away all the privileges that I thought would give them the ability to change something; I wanted the user to have "view only" ability. However, clicking Logout when logged in as this user only causes the page to jump as if the main menu sales had been selected.

Edit: the code is 17 commits behind webERP-team:master on GitHub.

The logout behavior seems completely repeatable switching from the admin user, with no trouble logging out, to the "auditor" user, who cannot log out. I first thought simply closing the browser tab and re-opening it would force a new login, but it seems not the case now. I just re-opened a tab in Edge and browsed to my webERP site and the Main Sales screen opened without having to log in.

This "might" have started in the last year as I thought I would have noticed this when I created the user, around a year ago. Does this seem reasonable?

The "auditor" user:

The access permissions for the Auditor security role:

Hi Dale,

I think you will find that the Logout.php script no longer has permissions to run. Looking at the default security settings it requires token 1 which you have not allocated to that user.

To rectify this either add security token 1 to the Auditor role, or change the page security on Logout.php to security token 0 (zero). The latter is the better solution for me.

Thanks Tim. I added security token 1 to the Auditor role and found the auditor user could log out correctly.

I agree changing the page security for Logout.php is the more desirable solution; one should be able to log out regardless of one's access permissions.
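
The two fixes discussed in this thread, modelled as an added example that is not part of the original posts or webERP's own code: it reports which roles cannot reach Logout.php and what else each fix would expose to the role. The role token sets, every script name other than Logout.php, and the rule that token 0 is available to every logged-in user are assumptions made for illustration.

```python
# Added example with constructed data; not webERP code or its real defaults.
# Only "Logout.php requires token 1" comes from the thread.
ALWAYS_GRANTED = {0}  # assumption: token 0 is held by every logged-in user

# script -> security token required (names other than Logout.php are hypothetical)
SCRIPTS = {
    "Logout.php": 1,
    "ExampleOrderEntry.php": 1,
    "ExampleSalesInquiry.php": 2,
    "ExampleSystemSetup.php": 15,
}
# role -> tokens allocated to it (constructed)
ROLES = {
    "Administrator": {1, 2, 15},
    "Auditor": {2},
}
ESSENTIAL = {"Logout.php"}  # pages every session must be able to reach


def allowed_scripts(tokens, scripts):
    """Scripts a role can run: the required token is allocated or always granted."""
    effective = set(tokens) | ALWAYS_GRANTED
    return {name for name, required in scripts.items() if required in effective}


def locked_out(roles, scripts, essential=ESSENTIAL):
    """Map each role to the essential scripts it cannot run (clean roles omitted)."""
    report = {}
    for role, tokens in roles.items():
        missing = essential - allowed_scripts(tokens, scripts)
        if missing:
            report[role] = sorted(missing)
    return report


def compare_fixes(role, roles, scripts, script="Logout.php"):
    """Extra scripts each fix exposes to `role`, beyond `script` itself."""
    before = allowed_scripts(roles[role], scripts)
    # Fix A: add the script's required token to the role.
    fix_a = allowed_scripts(roles[role] | {scripts[script]}, scripts)
    # Fix B: lower the script's page security to token 0.
    fix_b = allowed_scripts(roles[role], {**scripts, script: 0})
    return {"add_token": sorted(fix_a - before - {script}),
            "token_zero": sorted(fix_b - before - {script})}


if __name__ == "__main__":
    print(locked_out(ROLES, SCRIPTS))
    print(compare_fixes("Auditor", ROLES, SCRIPTS))
```

With this constructed data, adding the token to the role also opens every other script that shares that token, while lowering the page security on Logout.php changes nothing else for the role.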