Information about bug
Employees with the Employee role can currently view Loan Applications of other employees.
Expected
Employees should only be able to see and manage their own Loan Applications.
Proposed fix
Add server-side row-level permissions and validation so non-privileged users can only access records where the applicant matches their linked Employee record.
Module
Loan Management
Version
Frappe Framework: v15.103.2 (HEAD)
ERPNext: v15.103.1 (HEAD)
Frappe HR: v15.58.5 (HEAD)
Frappe Lending: v0.0.1 (HEAD)
Installation method
FrappeCloud
Relevant log output / Stack trace / Full Error Message.
Code of Conduct
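The proposed fix, sketched as an added example (not code from this issue or from the Frappe or Lending projects): a list-query filter, a per-document check and a save-time validation that all tie a non-privileged user to their own linked Employee record. In a Frappe app these would be wired in through the `permission_query_conditions` and `has_permission` hooks and the DocType's validate step. Here the roles and the user-to-Employee mapping are passed in so the logic runs stand-alone, and the privileged role set and the `applicant_type` / `applicant` field names are assumptions.

```python
import re

# Assumed names: which roles count as privileged, and the Loan Application
# fields `applicant_type` / `applicant`, are assumptions for this sketch.
PRIVILEGED_ROLES = {"System Manager", "Loan Manager"}
SAFE_ID = re.compile(r"[A-Za-z0-9._/-]+")


def query_conditions(user, roles, employee_of):
    """WHERE fragment for list/report queries; '' means no extra filter."""
    if PRIVILEGED_ROLES & set(roles):
        return ""
    employee = employee_of.get(user)
    # Fail closed: no linked Employee (or an id that is unsafe to inline
    # into SQL) yields a condition that matches no rows.
    if not employee or not SAFE_ID.fullmatch(employee):
        return "1=0"
    return ("`tabLoan Application`.`applicant_type` = 'Employee' AND "
            f"`tabLoan Application`.`applicant` = '{employee}'")


def has_permission(doc, user, roles, employee_of):
    """Per-document check for direct reads and writes by name or URL."""
    if PRIVILEGED_ROLES & set(roles):
        return True
    employee = employee_of.get(user)
    return bool(employee) and doc.get("applicant_type") == "Employee" \
        and doc.get("applicant") == employee


def validate_applicant(doc, user, roles, employee_of):
    """Save-time validation: block filing an application as someone else."""
    if not has_permission(doc, user, roles, employee_of):
        raise PermissionError("applicant must be your own Employee record")


# Constructed sample data (not from the issue).
EMPLOYEE_OF = {"alice@example.com": "HR-EMP-00001",
               "bob@example.com": "HR-EMP-00002"}
ALICE_LOAN = {"name": "ACC-LOAP-0001", "applicant_type": "Employee",
              "applicant": "HR-EMP-00001"}

if __name__ == "__main__":
    print(query_conditions("bob@example.com", ["Employee"], EMPLOYEE_OF))
    print(has_permission(ALICE_LOAN, "bob@example.com", ["Employee"], EMPLOYEE_OF))
```

The list filter alone is not enough: without the per-document check, a record can still be opened directly by name even when it is hidden from list views.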