This project is read-only.
1
Vote

Issue detected when the logged in user changes its current company in different scenarios.

description

Company1: eFORCE, Type: Internal
Company2: External Company, Type: External
crux@eforceglobal.com(cretaed by eFORCE, role in eFORCE: SA, role in external company: Admin)
crux1@eforceglobal.com(created by eforce, role in both companies: admin)
 
Scenario 1: Logged in as crux@eforceglobal.com, change company to "External Company" and then the user clicks on "Manage Companies" link and remove the SA role of the same user under the company eFORCE which is done successfully.
Expected Behaviour: When company is changed to "External Company" the user should not be able to see "Manage Companies" link since the current role is admin of an external company. The same user should not have any control over its other roles in other companies(like say SA role in internal company)
 
Scenario 2: Logged in as crux1@eforceglobal.com, change company to "External Company" and then the user clicks on "Manage My Company" link, encounters an error message,
     "Error Description: A [company] level security breach or invalid operation was detected. 
      Probable Cause: You tried to perform an action on a [company] on which you do not have administrative rights. 
      Recommended Action: Please check to see if you have enough rights and privilages to perform the action you were trying to perform. In case of questions please contact a super administrator."
Note: This issue comes only when the user is not with SA privilages.

comments

biraj wrote Oct 25, 2010 at 1:23 PM

Scenario 1 is not a bug.
Scenario 2 needs to be fixed.

tsantony wrote Jan 25, 2011 at 9:56 AM

hi raj,

thanks for your reply,

i have one more issue. when i run the project, after logged in the page is not redirect to Administration\Default.aspx
it always look for this path /CruxWebUI/default.aspx
please advice.

Antony

wrote Feb 13, 2013 at 9:03 PM