mirror/opensourcepos
1
0
Fork 0
mirror of https://github.com/opensourcepos/opensourcepos.git synced 2026-03-25 18:32:17 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
24b2825b31ea2361ab953e748204dedf447ef535
opensourcepos/app/Controllers
History
Ollama 24b2825b31 Fix: Restrict employee selection in expenses and receivings forms 
Users without the 'employees' permission can no longer impersonate other
employees when creating or editing expenses and receivings. The employee
field is now restricted to the current user for new records and shows the
stored employee for existing records.

Changes:
- Expenses controller: Add permission check in getView() and postSave()
- Receivings controller: Add permission check in getEdit() and postSave()
- Form views: Conditionally display dropdown or read-only field

Fixes #3616
2026-03-17 15:32:16 +00:00
..
Attributes.php
Fix stored XSS vulnerability in Attribute Definitions (GHSA-rvfg-ww4r-rwqf) (#4429)
2026-03-14 15:33:58 +00:00
BaseController.php
Feature bump ci to 4.6.0 (#4197)
2025-04-03 14:16:06 +04:00
Cashups.php
Add filter persistence for table views via URL query string (#4400)
2026-03-11 20:11:00 +01:00
Config.php
Fix SQL injection in suggestions column configuration (#4421)
2026-03-13 18:13:54 +00:00
Customers.php
Use Content-Type application/json for AJAX responses (#4357)
2026-03-04 21:42:35 +01:00
Employees.php
Refactor: Move ADMIN_MODULES to constants, rename methods to camelCase
2026-03-06 17:25:25 +01:00
Expenses_categories.php
Use Content-Type application/json for AJAX responses (#4357)
2026-03-04 21:42:35 +01:00
Expenses.php
Fix: Restrict employee selection in expenses and receivings forms
2026-03-17 15:32:16 +00:00
Giftcards.php
Use Content-Type application/json for AJAX responses (#4357)
2026-03-04 21:42:35 +01:00
Home.php
Fix IDOR vulnerability in password change (GHSA-mcc2-8rp2-q6ch) (#4427)
2026-03-13 12:13:21 +01:00
index.html
Replace tabs with spaces (#4196)
2025-03-28 21:24:21 +04:00
Item_kits.php
Use Content-Type application/json for AJAX responses (#4357)
2026-03-04 21:42:35 +01:00
Items.php
Add filter persistence for table views via URL query string (#4400)
2026-03-11 20:11:00 +01:00
Login.php
Improve code style and PSR-12 compliance (#4204)
2025-05-02 19:37:06 +02:00
Messages.php
Use Content-Type application/json for AJAX responses (#4357)
2026-03-04 21:42:35 +01:00
No_access.php
Use Content-Type application/json for AJAX responses (#4357)
2026-03-04 21:42:35 +01:00
Office.php
Use Content-Type application/json for AJAX responses (#4357)
2026-03-04 21:42:35 +01:00
Persons.php
Use Content-Type application/json for AJAX responses (#4357)
2026-03-04 21:42:35 +01:00
Receivings.php
Fix: Restrict employee selection in expenses and receivings forms
2026-03-17 15:32:16 +00:00
Reports.php
Fix DECIMAL attribute not respecting locale format (#4422)
2026-03-13 21:23:52 +00:00
Sales.php
Fix: Add Debit Card filter to Daily Sales and Takings
2026-03-16 18:06:00 +00:00
Secure_Controller.php
Use Content-Type application/json for AJAX responses (#4357)
2026-03-04 21:42:35 +01:00
Suppliers.php
Use Content-Type application/json for AJAX responses (#4357)
2026-03-04 21:42:35 +01:00
Tax_categories.php
Use Content-Type application/json for AJAX responses (#4357)
2026-03-04 21:42:35 +01:00
Tax_codes.php
Use Content-Type application/json for AJAX responses (#4357)
2026-03-04 21:42:35 +01:00
Tax_jurisdictions.php
Use Content-Type application/json for AJAX responses (#4357)
2026-03-04 21:42:35 +01:00
Taxes.php
Use Content-Type application/json for AJAX responses (#4357)
2026-03-04 21:42:35 +01:00