Assets 4

This release includes some very critical security fixes. We recommend upgrading your installation to the latest release.

Features

  • Allow passing additional parameters to payroll predefined methods
  • Pass leave type name in function field to get leave count for a given type
  • Add employee name to payroll report
  • Show supervisor name on employee profile
  • Add custom fields to employee report
  • Add filter by status feature to subordinate time sheets

Security Fixes

  • Fix missing login form CSRF token
  • Fix risky usage of the hashed password in the request
  • Fixing permission issues on module access for each user level
  • Prevent manager from accessing sensitive user records

Other Fixes

  • Hide employee salary from managers
  • Prevent manager from accessing audit, cron and notifications
  • Prevent managers from deleting employees
  • Validate overtime start and end times
  • Fix issue: the employee can download draft payroll