dolibarr-bugtrack
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Dolibarr-bugtrack] [Bug #1101] A disabled user still appear in drop dow

From: Doliforge
Subject: [Dolibarr-bugtrack] [Bug #1101] A disabled user still appear in drop down lists (e.g., in task assignments).
Date: Wed, 23 Oct 2013 18:43:51 +0200
Doliforge
Is this email not displaying correctly?
update email preferences.
Dolibarr ERP & CRM » Bugs » bug #1101

A disabled user still appear in drop down lists (e.g., in task assignments).

Latest modifications

Laurent Destailleur (eldy)
2013-10-23 18:43 (Europe/Paris)
I am not sure we can completely remove a user when he is disabled. We still may want to enter old record that should be linked to user, even if disabled when data is entered into system.
With version 3.5, the status "(disabled)" will appears into combo list. This will reduce risk.
Changes:
  • Resolution: 
 NoneWont Fix

Answer now

Snapshot

 Details
Submitted by:  Mario DE WEERD (mdeweerd) Submitted on:  2013-10-22 14:14
Last Modified On:  2013-10-22 14:29 
Summary:  A disabled user still appear in drop down lists (e.g., in task assignments).
Description:  A disabled (internal) user still appears in drop-down lists.
For instance in the list of contacts that can be assigned to a task, but also in most (or all) other locations where a user can be selected.

The suggestion may be to delete the user, but in this particular case, it is impossible to delete the user. Dolibarr says that the user may be associated with some elements.

As a trick I tried to change the type of the user from 'Internal' to 'External' by setting the type to a record from the customers. After doing so, the user still appears as Internal, even if when doing 'Modify' the user assignment is still there [this may be another bug]. So there is no apparent workaround.

It should be possible to avoid having the disabled user appear in lists as if this user is still "active".

[I classify this as a security issue because invalid information appears to the users which can be critical (in this particular case it is an unpleasant reminder)]
Step to reproduce bug:  Create a user and disable the user.
Go to the detail of a contact, assign a commercial and assign the disabled user.
Version:  3.4.0 Category:  Security
Severity:  5 - Major OS Type/Version:  
PHP version:   Database type and version:  
 Status
Status:  Open Assigned to:  None
Resolution:  Wont Fix 

Comments

Laurent Destailleur 2013-10-23 18:43
I am not sure we can completely remove a user when he is disabled. We still may want to enter old record that should be linked to user, even if disabled when data is entered into system.
With version 3.5, the status "(disabled)" will appears into combo list. This will reduce risk.
Mario DE WEERD 2013-10-22 14:29
J'ai essayé dans une autre installation de Dolibarr.

Le problème d'affichage 'interne/externe' est lié au fait que la fiche contact auquel j'ai affecté le compte n'appartient à aucune société.
Lorsque la fiche contact appartient à une société, il apparaît 'externe'.

Par contre, l'utilisateur apparaît toujours dans la liste des contacts attribuables comme commercial à une fiche société par exemple.

reply via email to
[Prev in Thread] Current Thread [Next in Thread]