Templates should bypass ACLs
Right now using a template will bypass ACLs on the fields of the object but fail on the modification of other objects like putting a user in a group or putting a system in a DHCP. This is a bit inconsistent and we decided that applying a template should apply the whole template, bypassing ACLs.
This means if a user have enough rights to use a template, he can apply the whole template.
(from redmine: issue id 5625, created on 2017-06-19, closed on 2017-06-19)
- Revision fab9795d by Côme Chilliet on 2017-06-19T10:20:47.000Z:
Fixes #5625 Bypassing ACLs for adding users to groups/roles through templates
- Revision cc7ef059 by Côme Chilliet on 2017-06-19T14:18:17.000Z:
Fixes #5625 Add a flag to force a tabClass to bypass ACLs
- Custom Fields:
- Support contract: Silver
- Dolibarr project Name: PJ1610-0020