Company: Link Technologies
Case No: L12696. Project: 14.10: LinkSOFT version 14.10 - October 2022
Logged By: Vineet (Link Business Solutions) on behalf of Sanjay (Link Technologies) on 22 Mar 2022 09:27AM
Priority: High
Product: Point of Sale
Group: Enhancement
Time Taken: 26.50 (Weight: 26.50)
Assigned To: Development
Circulation: Development, Sanjay, Vineet
Resolve By: Friday, 30 September 2022 12:00 AM [771 days since logged date]
Status: Closed
Subject: User should not be able to authorise transactions outside their main location
Summary:    
Section A - Describe what the request/issue is about 

On The Go, Limited is requesting Location-based access for the below areas in POS.

  1. Transaction Authorisation in POS (Delete, Discount, Park). If the user does not have access to a location, they should not be able to authorize these for that location.

This comes in after a user from Nadi Branch authorizes a delete of its own transaction in Lautoka.

Section C - Provide a Test plan - List out at least two scenarios that will be used to verify
  1. Setup restricted location access for one user
  2. Login to POS for a location to which the user does not have access. Try authorizing Delete, Park, Reprint, etc for this location. This should be restricted
Audit Notes:Edited by sanjay on 26/09/22 12:20. Edited by sanjay on 22/09/22 09:19. Edited by sanjay on 22/09/22 09:18. Edited by sanjay on 15/08/22 10:42. Edited by sanjay on 18/07/22 14:41. Edited by sanjay on 25/03/22 14:53. Edited by sanjay on 25/03/22 14:48. 
25 Mar 202202:57PM Comment 1 by Sanjay (Link Technologies) This comment has been removed
18 Jul 202210:04AM Comment 2 by Vineet (Link Business Solutions) This comment has been removed
18 Jul 202202:37PM Comment 3 by Sanjay (Link Technologies) Case L12696 added to project 14.01
18 Jul 202202:41PM Comment 4 by Sanjay (Link Technologies) Assigned To: Development Followup Date: 20-07-2022 06:39 PM

Discussion with Vineet and Sanjay.

OTGL agreed to the option where we add security for Delete, Discount and Park - 8 hours.


27 Jul 202212:40PM Comment 5 by Vineet (Link Business Solutions) This comment has been removed
27 Jul 202204:56PM Comment 6 by Sanjay (Link Technologies) Assigned To: Development Followup Date: 31-08-2022 08:55 PM Time Taken: 1.00 Notes: ETC extended from: 28/03/2022 to 31/08/2022
Assigned to Project 14.01

22 Sep 202211:49AM Comment 7 by Sanjay (Link Technologies) Assigned To: Development Followup Date: 28-09-2022 01:20 PM Time Taken: 18.00
PART A - Development work for this case has been completed.

1. The change will be available in version:14.10

2. The following changes were made(Include Database object names, Program classes, and any other relevant information):

  1. Added User location mapping to check when a POS entry is deleted
  2. Added Default Location List to check if the user has a "Location Mapping"
  3. REPRINT has not been restricted as there could be many locations in an Order.
  4. Park Transaction is validated based on the Default location of the order at the time of Park. 
  5. Discount now checks if the user has access to the Default Location for Bulk Discounts
  6. Discount now checks if the user has access to the Line Location for line discounts

3. Affected Areas:

  1. POS Processing
  2. POS Authorisation for Delete, Park
  3. Default location list

4. The issue was caused by:

  1. Security fine-tuning and change request

5. Other Relevant Notes

  1. If the user has NO location mapping, it is assumed that the user has access to ALL "Default" and "available" locations.
  2. To restrict users, you need to add a location mapping in menu: "Point of Sale ~> User options ~> User Location Access"

6. Next Step (Review and System Test (Developer) -> UAT (Quality) -> Documentation): UAT


PART B - Development Reference (Place descriptor for objects changed):


27 Sep 202210:17AM Comment 8 by Sanjay (Link Technologies) Assigned To: Development Followup Date: 29-09-2022 02:14 PM Time Taken: 5.00
The following tests were performed:

Table 1 - Test Results
NoTest CaseExpected ResultPass/FailComments
1Create two users. Admin and Sanjay. Admin has access to all Locations
Perform Sales, Delete, Park, and Discounts. All functions should work normally
Pass

2Remove user "admin" location access to MAIN only
Log in as "sanjay". Perform sale of location RETAIL. Park, discounts, and delete should not be allowed
Pass

3Give user "admin" access to Main and RETAIL locations
Log in as "sanjay". Perform sale of location RETAIL. Park, discounts, and delete can be authorised by user "admin"
Pass

4Remove mapping from user ADMIN
All functions should work and access should be granted to override
Pass

5



Environment Details

  1. OS version: Win11
  2. Application version: 14.10
  3. Setup on:
    1. Server: LinkQA4
    2. Database: LinkSOFT
    3. LinkSOFT URL: HTTP://LinkQA4/LinkSOFT
  4. Login Details: Standard username and password for user "admin"

Next Step: Closure


Attachments:
General Documents - Case: L12696:OTGLLPO1977.pdf
If you have any queries regarding this support incident, please email admin@linktechnologies.com.au and include the Case No: L12696 in the subject line of all emails regarding this issue.

Document size: 13.6 KB
For call complaints, please contact the Managing Director of the company using this form