Ticket #64 (closed defect: fixed)

Opened 1 year ago

Last modified 1 year ago

Edit DID offers a list of all DIDs, not just your card's DIDs.

Reported by: stavros Assigned to: areski
Priority: critical Milestone: milestone Version 1.3
Component: Customer UI Version: Branch 1.3.x
Keywords: Cc: stavros

Description

This bug offers customers the opportunity to 'borrow' a DID from another customer via the Customer UI.
To reproduce:

  • Admin UI
    • Create a DID group and 2 DIDs
  • Customer UI
    • As user1 allocate DID1 to yourself
    • As user2 allocate DID2 to yourself
    • As either user EDIT your DID: The DID combo box shows all the DIDs, not just those you own. This means you could reallocate a DID currently reserved for another customer.

Attachments

FG_var_did.inc.patch.txt (1.3 kB) - added by asiby on 11/27/07 22:27:57.

Change History

(in reply to: ↑ description ) 09/12/07 10:17:59 changed by stavros

  • version set to Branch 1.3.x.

I think I've narrowed down the code involved to lines 78-86 of A2BCustomer_UI/form_data/FG_var_did.inc. 

$HD_Form -> AddEditElement (gettext("DID"),
	"id_cc_did",
	'$value',
	"SELECT",
	"", "", "",
	"sql",
	"cc_did",
	"did, id",
	"id_cc_didgroup = '".$_SESSION["id_didgroup"]."'", "", "%1", "" , "");

I've experimented with it quite a lot now, but I have to admit I really don't understand how to fix it. I thought it might be possible to use AddViewElement? instead, but then I failed on that count too :-(.

11/27/07 19:47:08 changed by asiby

  • status changed from new to closed.
  • resolution set to fixed.

Here is the fix.

The attached patch allow does the following:

- removing the delete button in the DID page of the Customer UI. This delete button should not be there cause for the moment, it only deletes the DID without releasing it. So the DID becomes unavailable to all clients.

- Displaying only be DIDs that have been purchased by the customer in edit mode.

11/27/07 21:59:24 changed by asiby

I was just looking more closely at the problem of the delete button under the DID menu of the Customer UI. The truth is, on that page, the list called " - DID LIST -" should rather be called "Destination List". That particular fact makes users think that deleting what they believe to be a DID, they will also release that DID. But in fact, they would be deleting a destination. That will leave that DID without a destination until they choose to add a destination by clicking on the link "Add Phone Number to your DID".

Long story to say that I have reactivated the "delete" button in the above patch.

11/27/07 22:27:27 changed by asiby

I have change the naming scheme to reflect that of destinations instead of DIDs. It's in the patch.

11/27/07 22:27:57 changed by asiby

  • attachment FG_var_did.inc.patch.txt added.

11/28/07 03:00:00 changed by areski

Well you got the correct point here. Despite I think there is no need here to modify the DID when u click on edit other parameters should be editable but not to switch the DID Number.

I guess it will make sense ?

11/28/07 03:09:35 changed by areski

I just committed on svn : revision 432 let me know, Areski

11/28/07 06:47:52 changed by asiby

Yes, I think that that will make a lot of sense.

Regards

Asiby



Google