Bug #61: A user must not access restricted pages or actions by directly manipulating the URL, - Tingg - Redmine

Actions

Copy link

Bug #61

open

Epic #51: Security Points Checking

Story #60: Enforce safe UI behavior

A user must not access restricted pages or actions by directly manipulating the URL,

Added by rashmita rout about 1 month ago.

Status:

New

Priority:

Medium

Assignee:

Suman dobriyal

Target version:

Start date:

01/19/2026

Due date:

% Done:

Estimated time:

Work Type:

Bug Fix

Technical Area:

Bug Origin:

Sprint

Customer Impact:

Planned Sprint:

Completed In Sprint:

Spillover Reason:

Deployment Reference URL:

Description

Link:-https://dev.career.techeela.net/

Steps:-
I v set the role as "Associate" and remove permission of create job there in account.techeela.net application. Now I came to career application and can see create job button is no more showing to me which is fine. Now I am manually tring to access the create job URL and it is allowing me to redirect to the create job page with same user and associate Role.

Expected Result:-
Access denied
Redirect to safe page (Home / Dashboard)
Clear “Not Authorized” message

Actual Result:-
Page is loading with all accessible fields and after filling the form its gets submitted also.
Please find the below link for reference:-
https://thehigherpitch-my.sharepoint.com/:v:/p/rashmita_rout/IQAqRLq6WtYoSpKVVWjzU2wrAYmMAycJBM4EoKwxx1XPGxg?e=sC1BXm

No data to display

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Tingg

Custom queries

Bug #61

A user must not access restricted pages or actions by directly manipulating the URL,