Joget DX 8 Stable Released
The stable release for Joget DX 8 is now available, with a focus on UX and Governance.
Hi, All:
Refer to the instruction in http://dev.joget.org/community/display/KB/Showing+Process+Instance+%28List+Record%29+Data+in+a+Form
I found user just need to change the id number in the url, then he can see all the content of the forms that was applied by other people.
For example :http://localhost:8080/jw/web/userview/leaveApp/userview//applicationForm?id=21162_leaveApp_applyLeaveProcesshttp://localhost:8080/jw/web/userview/leaveApp/userview//applicationForm?id=21163_leaveApp_applyLeaveProcesshttp://localhost:8080/jw/web/userview/leaveApp/userview//applicationForm?id=21164_leaveApp_applyLeaveProcessHow can I prevent this ?
Appreciate your kindly help.
Best Regards
Jonathan Yang