-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Won't Fix
-
Affects Version/s: 12
-
Fix Version/s: None
-
Labels:
-
Environment:
PBX Firmware: 6.12.65-27
PBX Service Pack: 1.0.0.0
-
ToDo:
-
Distro:FreePBX Distro
Found at OTTS workshop Milwaukee:
Created two External Contact Groups (Vendors and Customers). Added entries. Excluded from User's Class of Service so User should not see Group Names or Entries. User can see both Groups and Entries and Entry Details in Groups in both UCP and REST Apps.
If I change it so that User's Class of Service has access to one Group but not the other, then the User is granted access to one Group in REST App and not the other Group. The is a bug that seems to be limited to when the User is Denied access to All Groups, they are mistakenly Allowed access to all Groups in the REST App.
In the User Control Panel, the User is able to access to All Groups all the time, no matter what combination of allowed/denied groups are set in Class of Service. Security seems to be missing completely.
- is duplicated by
-
FREEPBX-15433
Class of service Deny option not working for contact manager.
-
- Closed
-
