webERP Forum
Dashboard Shows Bank Data for Unauthorized User - SOLVED - Printable Version




Dashboard Shows Bank Data for Unauthorized User - SOLVED - VortecCPI - 05-03-2018

Dashboard.php

Shows a Bank Account and related data for an account not authorized to a User.

All other Bank Account scripts seem to comply and work fine with ACL.
Fixed by changing SQL from this:
PHP Code:
    $Sql = "SELECT bankaccounts.accountcode,
                    bankaccounts.bankaccountcode,
                    chartmaster.accountname,
                    bankaccountname
            FROM bankaccounts INNER JOIN chartmaster
            ON bankaccounts.accountcode = chartmaster.accountcode";


To this:
PHP Code:
    // Join bankaccountusers so only accounts authorised to the logged-in user are returned
    $Sql = "SELECT bankaccounts.accountcode,
                    bankaccounts.bankaccountcode,
                    chartmaster.accountname,
                    bankaccountname
            FROM bankaccounts
            INNER JOIN chartmaster
            ON bankaccounts.accountcode = chartmaster.accountcode
            INNER JOIN bankaccountusers
            ON bankaccounts.accountcode=bankaccountusers.accountcode
            AND userid='" . $_SESSION['UserID'] . "'";
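
The effect of the two queries above, side by side, as an added example that is not part of the original post or of webERP's code. It assumes a minimal SQLite copy of the three tables with constructed rows and user ids, and binds the user id as a parameter instead of concatenating it.

```python
import sqlite3

# Table and column names come from the queries in the post; all rows are constructed.
SCHEMA = """
CREATE TABLE chartmaster (accountcode TEXT PRIMARY KEY, accountname TEXT);
CREATE TABLE bankaccounts (accountcode TEXT PRIMARY KEY, bankaccountcode TEXT,
                           bankaccountname TEXT);
CREATE TABLE bankaccountusers (accountcode TEXT, userid TEXT);
INSERT INTO chartmaster VALUES ('1030', 'Cheque Account'), ('1040', 'Payroll Account');
INSERT INTO bankaccounts VALUES ('1030', 'CHQ-001', 'Operating'),
                                ('1040', 'PAY-001', 'Payroll');
INSERT INTO bankaccountusers VALUES ('1030', 'clerk'), ('1030', 'admin'),
                                    ('1040', 'admin'), ('1040', 'o''brien');
"""

BASE = """SELECT bankaccounts.accountcode, bankaccounts.bankaccountcode,
                 chartmaster.accountname, bankaccountname
          FROM bankaccounts
          INNER JOIN chartmaster
          ON bankaccounts.accountcode = chartmaster.accountcode"""

# The fix from the post, with the user id bound as a parameter (a choice made
# for this example) instead of concatenated into the string.
PER_USER = BASE + """
          INNER JOIN bankaccountusers
          ON bankaccounts.accountcode = bankaccountusers.accountcode
          AND bankaccountusers.userid = ?"""

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def accounts_before_fix(db):
    """Every bank account, whoever is logged in (the behaviour reported)."""
    return sorted(row[0] for row in db.execute(BASE))

def accounts_after_fix(db, userid):
    """Only bank accounts with a bankaccountusers row for this user."""
    return sorted(row[0] for row in db.execute(PER_USER, (userid,)))

def exposed_to(db, userid):
    """Accounts the unfixed query shows that the user is not authorised for."""
    return sorted(set(accounts_before_fix(db)) - set(accounts_after_fix(db, userid)))

if __name__ == "__main__":
    db = make_db()
    for user in ("admin", "clerk", "o'brien", "nobody"):
        print(user, accounts_after_fix(db, user), "exposed before fix:", exposed_to(db, user))
```

A check like `exposed_to` can serve as a regression test for any other script that lists bank accounts: for every user it should return an empty list once the join is in place.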



RE: Dashboard Shows Bank Data for Unauthorized User - SOLVED - afcouling - 05-03-2018

Hi Paul,

I have submitted a Pull Request for your fix.

Andy.


RE: Dashboard Shows Bank Data for Unauthorized User - SOLVED - VortecCPI - 05-03-2018

Thank you so much!