You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@ofbiz.apache.org by "Pierre Smits (Jira)" <ji...@apache.org> on 2021/12/01 21:05:00 UTC
[jira] [Created] (OFBIZ-12427) VIEW permissions and Payment Applications
Pierre Smits created OFBIZ-12427:
------------------------------------
Summary: VIEW permissions and Payment Applications
Key: OFBIZ-12427
URL: https://issues.apache.org/jira/browse/OFBIZ-12427
Project: OFBiz
Issue Type: Improvement
Components: accounting
Affects Versions: Trunk
Reporter: Pierre Smits
Assignee: Pierre Smits
Currently, a user with only 'VIEW' permissions, as demonstrated in trunk demo with userId = auditor, accessing the Payment Applications screen on a payment, sees editable fields and/or triggers (to requests) reserved for users with 'CREATE' or 'UPDATE' permissions.
This can be observed/tested via:
* [https://demo-trunk.ofbiz.apache.org/accounting/control/editPaymentApplications?paymentId=8004]
* [https://demo-trunk.ofbiz.apache.org/accounting/control/editPaymentApplications?paymentId=8003]
* etc.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)