Action Items are Editable From the URL

Article ID: 135947

Products

Clarity PPM On Premise

Issue/Introduction

Action Items that cannot normally be edited via the UI can be edited if the URL is modified.


Steps to Reproduce:
1. Log in as User1
2. Go to Home - Organizer
3. Under the Action Items tab, click on New 
4. Enter the required fields and select a different user (User2) to assign the Action Item to
5. Click on Save and Return
6. Log in as User2
7. Go to Home - Organizer
8. On the Action Items tab, click on New
9. Enter the required fields and save the Action Item
10. On the Action Items list, open the Action Item that was created by User1 in Steps 3-5
Notice that there is no Edit button at the bottom of the Action Item details to edit the Action Item.
11. Copy the internal action item ID from the URL. Example: 5004001
Sample URL: http://<clarityServer>/niku/nu#action:calendar.actionitemDetails&odf_pk=5004001&odf_view=actionitemDetails&cancelAction=calendar.actionItemList
12. Back on the Action Items list, open the Action Item created by User2 in Steps 8-9
Notice that this Action Item is editable, as the Edit button appears on the page.
13. Click on the Edit button
14. Replace the action item ID in the URL with the ID of the first action item.
Original URL after clicking on Edit button: 
http://<clarityServer>/niku/nu#action:calendar.actionitemProperties&odf_pk=5004002&odf_view=actionitemUpdate&returnAction&uitk.session.uuid=538b3e73-82f3-4cad-a0bc-962aeaa9bbd7
Updated URL with other Action Item ID: 
http://<clarityServer>/niku/nu#action:calendar.actionitemProperties&odf_pk=5004001&odf_view=actionitemUpdate&returnAction&uitk.session.uuid=538b3e73-82f3-4cad-a0bc-962aeaa9bbd7


Expected Results: The edit page does not come up for the Action Item that User2 should not be able to edit. No edits are allowed to be saved. 
Actual Results: The edit page comes up for the Action Item that was assigned to User2 that he should not be able to edit. Edits made to the Action Item can be saved.

Environment

Release : All PPM Releases

Component : CA PPM COLLABORATION (DOC & ACTION ITEMS)

Cause

Caused by DE50575

Resolution

DE50575 is currently under review by engineering for a resolution. 


There is currently no way to prevent users from being able to edit action items when the URL is modified in this way. However, audit can be enabled on the Action Item fields to track when unexpected changes are made to the Action Items.
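
The audit workaround above, as an added example (not Broadcom's or Clarity's code): a review pass over an exported audit trail that flags changes made by anyone other than the action item's creator. The CSV columns and sample rows are constructed, and the creator-only edit rule is an assumption inferred from the reproduction steps.

```python
import csv
import io
from collections import Counter

# Constructed sample data; column names are assumptions, not Clarity's audit
# schema. Assumed rule: only the creator is expected to edit an action item.
ACTION_ITEMS_CSV = """item_id,created_by,assigned_to
5004001,User1,User2
5004002,User2,User2
"""

AUDIT_CSV = """item_id,changed_by,field,changed_at
5004002,User2,subject,2024-01-10T09:00:00
5004001,user2,due_date,2024-01-10T09:05:00
5004001,User1,subject,2024-01-11T08:00:00
5004001,User2,subject,2024-01-11T10:00:00
5009999,User3,subject,2024-01-12T10:00:00
"""


def find_unexpected_edits(items_csv, audit_csv):
    """Return audit rows whose editor is not the action item's creator.

    Rows for item IDs missing from the item list get reason 'unknown-item'
    so they are reviewed rather than silently dropped.
    """
    creators = {r["item_id"].strip(): r["created_by"].strip().lower()
                for r in csv.DictReader(io.StringIO(items_csv))}
    findings = []
    for row in csv.DictReader(io.StringIO(audit_csv)):
        editor = row["changed_by"].strip().lower()
        creator = creators.get(row["item_id"].strip())
        if creator is None:
            reason = "unknown-item"
        elif editor != creator:
            reason = "editor-is-not-creator"
        else:
            continue  # creator edited their own item: expected
        findings.append({**row, "reason": reason})
    return findings


def summarize(findings):
    """Count flagged changes per (item_id, lower-cased editor)."""
    return Counter((f["item_id"], f["changed_by"].lower()) for f in findings)


if __name__ == "__main__":
    for f in find_unexpected_edits(ACTION_ITEMS_CSV, AUDIT_CSV):
        print(f["changed_at"], f["item_id"], f["changed_by"], f["reason"])
```

Usernames are compared case-insensitively, so the two edits by User2 to item 5004001 are counted together even though the sample rows spell the name differently.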