Details
-
Improvement
-
Status: Patch Available
-
Major
-
Resolution: Unresolved
-
Upcoming Branch
-
None
Description
Currently, a user with only 'VIEW' permissions, as demonstrated in trunk demo with userId = auditor, accessing the Party Rates screen, sees editable fields and/or triggers (to requests) reserved for users with 'CREATE' or 'UPDATE' permissions.
To see:/test:
- for DemoEmployee (rates in demo data): https://localhost:8443/partymgr/control/EditPartyRates?partyId=DemoEmployee
- for DemoEmployee2 (after merge of PR74 in plugins): https://localhost:8443/partymgr/control/EditPartyRates?partyId=DemoEmployee2
Attachments
Issue Links
- links to