[OFBIZ-12384] User with only 'VIEW' permissions and invoice payments - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Implemented
Affects Version/s: Trunk
Fix Version/s: None
Component/s: accounting
Labels:
- invoice
- usability

Description

Currently, a user with only 'VIEW' permissions, as demonstrated in trunk demo with userId = auditor, accessing the payments screen on an invoice sees fields editable and triggers to requests reserved for users with 'CREATE' or 'UPDATE' permissions.

To see (test): https://demo-trunk.ofbiz.apache.org/accounting/control/editInvoiceApplications?invoiceId=demo10001

Attachments

Issue Links

is related to

OFBIZ-12406 remove trigger links in InvoiceOverview already present in menu-items

Closed

OFBIZ-12403 Duplicated possible payment at /accounting/control/editInvoiceApplications?invoiceId=8010

Closed

relates to

OFBIZ-12405 Rename invoiceApplications menu-item label to Payments

Open

OFBIZ-12404 Removing redundant property-maps for labels reference in InvoiceOverview

Closed

links to

GitHub Pull Request #344

GitHub Pull Request #386

(1 links to)

Activity

People

Assignee:: Pierre Smits

Reporter:: Pierre Smits

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 16/Nov/21 12:11

Updated:: 11/Jan/22 09:37

Resolved:: 08/Dec/21 12:44