Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Security Token 13 labeled as Unknown but used
03-12-2012, 04:45 PM,
#1
Security Token 13 labeled as Unknown but used
Hi:

Security Token 13 is labeled as Unknown on the SQL file (so, unused). We used it for fine graining some access rights but just discovered that it's hard coded for some purposes on:
- CounterSales.php (lines 746, 792 and 845)
- SelectOrderItems.php (lines 1339, 1387, 1427)

Seems that the use is for price security issues.

So:
a) If it's used for Price Security issues, token 12 is already set up for this use, and hardcoded somewhere else, so 13 should be changed by 12.
b) If the use is different form existing token 12, then token 13 should be labelled accordingly on the SQL file.

Changing /upgrading security tokens should also have a clear warning on the update database script, as it might affect existing installations.
Regards,
Pak Ricard
Reply
03-14-2012, 09:58 AM,
#2
RE: Security Token 13 labeled as Unknown but used
Good point about the advising of changes to security tokens.
Perhaps we should have some sql to update roles with 13 to some other but we get into the same problem.

The idea with hard coding 13 as order entry price changes as distinct from 12 price administration was that the users who are allowed to modify prices in orders are not necessarily all order entry clerks in some scenarios. These folk who are allowed discretion at order entry are potentially not the same folks who would have the authority to update prices accross the board either.

I think a separate order entry price/discount entry authority is required and hence why I made it the first un-used one.

I thought I updated the token name ... if not I need to fix that too.
Phil Daintree
webERP Admin
Logic Works Ltd
http://www.logicworks.co.nz
Reply
03-14-2012, 10:17 AM,
#3
RE: Security Token 13 labeled as Unknown but used
OK, makes sense to me to have 2 diferent tokens. Then, only an update to SQL file is needed.

I will change my old 13 to 130, and problem solved ;-)

Thanks!
Regards,
Pak Ricard
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)