Bug #62

open

Epic #51: Security Points Checking

Story #60: Enforce safe UI behavior

Ensure UI restrictions are enforced by backend authorization, not just hidden/disabled on the frontend.

Added by rashmita rout about 1 month ago.

Status: New
Priority: Medium
Assignee:
Target version: -
Start date: 01/19/2026
Due date:
% Done: 0%
Estimated time:
Work Type: Bug Fix
Technical Area:
Bug Origin: Sprint
Customer Impact:
Planned Sprint:
Completed In Sprint:
Spillover Reason:

Description

Link: https://dev.career.techeela.net/

Steps:
I've set the role as "Associate" and removed the create-job permission in the account.techeela.net application. Then I went to the career application and could see that the create job button is no longer showing for me, which is fine. Now I am manually trying to access the create job URL, and it allows me to redirect to the create job page with the same user and Associate role.

Open DevTools → Network
Attempt URL access again
Submit the form see the response

Expected Result:
Backend returns 401 / 403
No sensitive API response returned

Actual Result:
The page loads with all fields accessible, and after filling in the form it also gets submitted. Backend returns 200 OK.

Please find the link below for reference:
https://thehigherpitch-my.sharepoint.com/:v:/p/rashmita_rout/IQAqRLq6WtYoSpKVVWjzU2wrAYmMAycJBM4EoKwxx1XPGxg?e=sC1BXm
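The fix the story asks for is a server-side check on the create-job route itself, so that hiding the button changes nothing about what the backend accepts. The following is an added example, not code from the techeela applications: a framework-agnostic authorization decision that resolves permissions from the server-side session (role plus per-account revocations, both assumed names) and gates both the GET of the page and the POST of the form.

```javascript
// Added example (not from the tracker or the techeela code base). Role names,
// permission names and the session shape are assumptions for illustration.
const ROLE_PERMISSIONS = {
  Admin: new Set(["create_job", "view_job"]),
  Associate: new Set(["create_job", "view_job"]),
};

// Effective permissions come only from the server-side session: the role's
// defaults minus anything revoked for this account (as done in account.techeela.net).
// Nothing the browser sends (body fields, headers, a hidden button) is trusted.
function effectivePermissions(session) {
  if (!session || !session.userId) return null; // unauthenticated caller
  const fromRole = ROLE_PERMISSIONS[session.role] || new Set();
  const revoked = new Set(session.revokedPermissions || []);
  return new Set([...fromRole].filter((p) => !revoked.has(p)));
}

// Authorization decision for one request: the HTTP status the backend must send.
// 401 when there is no authenticated user, 403 when the permission is missing.
function authorize(session, requiredPermission) {
  const perms = effectivePermissions(session);
  if (perms === null) return { status: 401, body: { error: "authentication required" } };
  if (!perms.has(requiredPermission)) {
    return { status: 403, body: { error: `missing permission: ${requiredPermission}` } };
  }
  return { status: 200 };
}

// Route handler for the create-job URL. The same check runs before rendering the
// page (GET) and before accepting the form (POST), so direct URL access and a
// hand-crafted submit both fail the same way the hidden button would.
function handleCreateJob(req) {
  const decision = authorize(req.session, "create_job");
  if (decision.status !== 200) return decision;
  if (req.method === "POST") {
    const { title } = req.body || {};
    if (!title) return { status: 400, body: { error: "title is required" } };
    return { status: 201, body: { id: "job-placeholder-id", title } }; // constructed id
  }
  return { status: 200, body: { form: ["title", "description"] } };
}

// Constructed session matching the report: Associate with create_job revoked.
const associateSession = { userId: "u-42", role: "Associate", revokedPermissions: ["create_job"] };
console.log(handleCreateJob({ method: "GET", session: associateSession }).status);  // 403
console.log(handleCreateJob({ method: "POST", session: associateSession, body: { title: "x" } }).status); // 403
```

The decision is made once per request on the server, so the check cannot be bypassed by un-hiding the button or replaying the request from the DevTools Network tab.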
