Re: limit Invoice access by logged user (or the Invoice Sales Rep)

[Gabriel Oberreuter <go...@gmail.com>]

As an update to this topic:

We got it working, doing the following:

Each Invoice has an association using entity InvoiceRole with a Sales Rep.
At our company, were each sales rep gets a commision for every Inovice he
generates, when migrating invoices from our existing system to Ofbiz, we
generate these InvoiceRoles.

Invoice: Our Company -> Sales Rep = BILL_FROM_VENDOR
Invoice: Sales Rep -> Our Company = SALES_REP

Then, we are modifying the Accounting component to use groovy at all places
to process the find requests. This way, in groovy we can filter by this
association.

We use a mix of InvoiceRole with SecurityPermission of the logged user to
generate a hierarchy: if the logged user has the right permissions, no
filter is applied (an adminitrator, for example). If the logged user has
permission as a Sales Rep only, we must filter all invoices that do not
"belong" to him. Another thing we are implementing is that Sales Reps have
supervisors, or bosses, that can access not all invoices but all the ones of
the people they supervise.

It is not that easy at first, but thanks to the patterns Ofbiz follows it is
not difficult either.

Thanks again.





--
View this message in context: http://ofbiz.135035.n4.nabble.com/limit-Invoice-access-by-logged-user-or-the-Invoice-Sales-Rep-tp4671577p4672565.html
Sent from the OFBiz - User mailing list archive at Nabble.com.