Basically, what I’m trying to do is restrict users to seeing only the transactions related to the company they are linked to. I’ve been able to achieve most of it, but I’m stuck on one issue.
Say that I have two companies, A and B, and two users, testuser1 and testuser2. I’ve added user permissions for both users, i.e. testuser1 has permission only for company A and testuser2 has permission for company B, as shown in the image below:
So the assumption here is that when you log in as testuser1, he should not see company B. This does happen as expected, as shown in the image below:
The restrictions are also proper:
But when I take the URL of company B and try to access it from testuser1, I’m able to see company B, as shown in the image below:
I assume it’ll behave the same way all over the system. So, coming to the question here:
Is this the normal behaviour?
Is there something I am doing wrong?
If I’m wrong, is there another way to restrict a user based on the permission I set for him?