[OFBIZ-12451] VIEW permissions FinAccount mutations - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Implemented
Affects Version/s: Trunk
Fix Version/s: None
Component/s: accounting
Labels:

Description

Currently, a user with only 'VIEW' permissions, as demonstrated in trunk demo with userId = auditor, accessing the Financial Account mutations screen sees editable fields and/or triggers (to requests) reserved for users with 'CREATE' or 'UPDATE' permissions.

See (test with):

https://demo-trunk.ofbiz.apache.org/accounting/control/EditFinAccount?finAccountId=ABN_CHECKING
https://demo-trunk.ofbiz.apache.org/accounting/control/FindPaymentsForDepositOrWithdraw

Attachments

Issue Links

links to

GitHub Pull Request #410

Activity

People

Assignee:: Pierre Smits

Reporter:: Pierre Smits

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 13/Dec/21 08:19

Updated:: 08/Jan/22 10:15

Resolved:: 07/Jan/22 08:15