You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@ofbiz.apache.org by "Pawan Verma (JIRA)" <ji...@apache.org> on 2019/05/11 18:44:00 UTC

[jira] [Commented] (OFBIZ-10901) Editable screens/forms are shown to user with only VIEW permissions

    [ https://issues.apache.org/jira/browse/OFBIZ-10901?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16837909#comment-16837909 ] 

Pawan Verma commented on OFBIZ-10901:
-------------------------------------

I think we need to make a list of suspected area and possibly create sub-tickets for each component to make it easy for development and review. Please provide an example of a suspected area so that the one who work one this gets a clear idea.

Thoughts, please!

> Editable screens/forms are shown to user with only VIEW permissions
> -------------------------------------------------------------------
>
>                 Key: OFBIZ-10901
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-10901
>             Project: OFBiz
>          Issue Type: Bug
>          Components: ALL APPLICATIONS
>    Affects Versions: Trunk, Release Branch 16.11, Release Branch 17.12, Release Branch 18.12
>            Reporter: Pierre Smits
>            Priority: Major
>
> Edit screens should not be shown to users who have only VIEW permissions. They should be shown only display screens. 
> When such a user is misled and enters data to change the record an error is thrown.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)