You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@ofbiz.apache.org by "Pierre Smits (Jira)" <ji...@apache.org> on 2021/12/08 09:00:00 UTC

[jira] [Closed] (OFBIZ-12427) VIEW permissions and Payment Applications

     [ https://issues.apache.org/jira/browse/OFBIZ-12427?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Pierre Smits closed OFBIZ-12427.
--------------------------------
    Fix Version/s: Upcoming Branch
       Resolution: Implemented

Thanks to Jacques for his assistance to get this into the codebase.

> VIEW permissions and Payment Applications
> -----------------------------------------
>
>                 Key: OFBIZ-12427
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12427
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: accounting
>    Affects Versions: Trunk
>            Reporter: Pierre Smits
>            Assignee: Pierre Smits
>            Priority: Major
>              Labels: payment, permission, usability
>             Fix For: Upcoming Branch
>
>
> Currently, a user with only 'VIEW' permissions, as demonstrated in trunk demo with userId = auditor, accessing the Payment Applications screen on a payment, sees editable fields and/or triggers (to requests) reserved for users with 'CREATE' or 'UPDATE' permissions.
> This can be observed/tested via:
>  * [https://demo-trunk.ofbiz.apache.org/accounting/control/editPaymentApplications?paymentId=8004]
>  * [https://demo-trunk.ofbiz.apache.org/accounting/control/editPaymentApplications?paymentId=8003]
>  * etc.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)