opensourcepos/app/Language/en/Employees.php
jekkos 19eb43270a Fix broken object-level authorization in Employees controller (CVE-worthy) (#4391)
- Non-admin employees can no longer view/modify admin accounts
- Non-admin employees can no longer delete admin accounts
- Non-admin employees can only grant permissions they themselves have
- Added is_admin() and can_modify_employee() methods to Employee model
- Prevents privilege escalation via permission grants

Add tests for BOLA fix and permission delegation

- EmployeeTest: Unit tests for is_admin() and can_modify_employee() methods
- EmployeesControllerTest: Test cases for authorization checks (integration tests require DB)
- ReportsControllerTest: Test validating the constructor redirect fix pattern

Fix return type error in Employees controller

Use $this->response->setJSON() instead of echo json_encode() + return
to properly satisfy the ResponseInterface return type.
2026-03-05 19:46:39 +01:00


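<?php

declare(strict_types=1);

/**
 * English language strings for the Employees module.
 *
 * Evaluates to an associative array of message key => user-visible text.
 * The keys are the interface: views and controllers look them up by name,
 * so keys must not be renamed or removed here — only the text may change.
 * Several keys are empty in this file; what is rendered for them depends
 * on the code that reads the key, which is not visible from here.
 */
return [
    "administrator" => "",
    "basic_information" => "Information",
    // Covers two distinct refusal reasons (employee has sales history, or the
    // caller is deleting their own account); the text was fixed from
    // "one or more of the has" to "one or more of them has".
    "cannot_be_deleted" => "Unable to delete selected employee(s), one or more of them has processed sales or you are trying to delete your account.",
    "change_employee" => "",
    "change_password" => "Change Password",
    "clerk" => "",
    "commission" => "",
    "confirm_delete" => "Are you sure you want to delete the selected employee(s)?",
    "confirm_restore" => "Are you sure you want to restore selected employee(s)?",
    "current_password" => "Current Password",
    "current_password_invalid" => "Current Password is invalid.",
    "employee" => "Employee",
    "error_adding_updating" => "Employee add or update failed.",
    // Authorization failure messages. Presumably surfaced by the admin-account
    // protection checks in the Employees controller / Employee model referred
    // to in the commit message; the enforcement itself does not live in this
    // file, so changing these strings never relaxes or tightens the check.
    "error_deleting_admin" => "You cannot delete an admin user.",
    "error_deleting_demo_admin" => "You can not delete the demo admin user.",
    "error_updating_admin" => "You cannot modify an admin user.",
    "error_updating_demo_admin" => "You can not change the demo admin user.",
    "language" => "Language",
    "login_info" => "Login",
    "manager" => "",
    "new" => "New Employee",
    "none_selected" => "You have not selected any employee(s) to delete.",
    "one_or_multiple" => "employee(s)",
    "password" => "Password",
    // Minimum lengths quoted in these messages are display text only; the
    // enforced limits are set by the validation rules in the controller.
    "password_minlength" => "Password must be at least 8 characters in length.",
    "password_must_match" => "Passwords do not match.",
    "password_not_must_match" => "Current password and new password must be unique.",
    "password_required" => "Password is required.",
    "permission_desc" => "Check the boxes below to grant access to modules.",
    "permission_info" => "Permissions",
    "repeat_password" => "Password Again",
    "subpermission_required" => "Add at least one grant for each module.",
    "successful_adding" => "Employee add successful.",
    "successful_change_password" => "Password change successful.",
    "successful_deleted" => "You have successfully deleted",
    "successful_updating" => "You have successfully updated employee",
    "system_language" => "System Language",
    "unsuccessful_change_password" => "Password change failed.",
    "update" => "Update Employee",
    "username" => "Username",
    "username_duplicate" => "Employee username is already in use. Please choose another one.",
    "username_minlength" => "Username must be at least 5 characters in length.",
    "username_required" => "Username is a required field.",
];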