[ https://issues.apache.org/jira/browse/OFBIZ-1533?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12553571 ]

Raj Saini commented on OFBIZ-1533:
----------------------------------

I don't think zip code is the right way to go. If someone can find the party id 
of another user, finding zip code is easier than this.

Why not use the security group permissions?

For example:

if context.get(partyId) is equal to userLogin.getPartyId
    allow to view the order
else if user is not in security group of FULLADMIN or ORDERADMIN
    do not allow to view the order



> Order Lookup fails with "Order not found with ID [XXXXX], or not allowed to 
> view" message while sending email confirmation from order manager
> ---------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: OFBIZ-1533
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1533
>             Project: OFBiz
>          Issue Type: Bug
>          Components: order
>    Affects Versions: SVN trunk, Release Branch 4.0
>         Environment: Ubuntu 7.10
>            Reporter: Raj Saini
>            Priority: Minor
>         Attachments: orderstatus.bsh-trunk.patch, 
> orderstatus.bsh.branch-4.0.patch
>
>
> Order lookup fails with the following message while sending email confirmation 
> from the order manager for orders created through the e-commerce or the order 
> entry.
> "Order not found with ID [XXXXX], or not allowed to view"  where [XXXXX] is 
> the order id.
> How to reproduce:
> 1. Create an order from e-commerce by logging in (as registered user).
> 2. Go to the order manager and log in with FULLADMIN or ORDERADMIN security 
> group permission.
> 3. Lookup the newly created order.
> 4. Click on the send confirmation button in the top right area of the order 
> screen.
> 5. It will open up a window with the email text. Email text shows the above 
> message instead of actual order confirmation html.
> 6. You can repeat the above by creating an order from Order Entry as well.
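
The check proposed in the comment above, set beside a zip-code check, as an added Java example that is not part of the original message and is not OFBiz code. The class, method and parameter names and the sample values are assumptions; only the group names FULLADMIN and ORDERADMIN come from the comment.

```java
import java.util.Set;

// Added illustration; all names here are hypothetical, not OFBiz APIs.
public class OrderViewCheck {
    // Security groups named in the comment.
    static final Set<String> ADMIN_GROUPS = Set.of("FULLADMIN", "ORDERADMIN");

    // Knowledge-based check: both values arrive with the request, so anyone
    // who learns a party id and its zip code passes, logged in or not.
    static boolean allowByZip(String reqPartyId, String reqZip,
                              String orderPartyId, String orderZip) {
        return reqPartyId != null && reqPartyId.equals(orderPartyId)
            && reqZip != null && reqZip.equals(orderZip);
    }

    // Identity-based check: the party id is taken from the authenticated
    // login, never from request parameters. Denies by default.
    static boolean allowByIdentity(String loginPartyId, Set<String> loginGroups,
                                   String orderPartyId) {
        if (loginPartyId == null || orderPartyId == null) {
            return false; // anonymous request, or order with no placing party
        }
        if (loginPartyId.equals(orderPartyId)) {
            return true;  // the customer who placed the order
        }
        if (loginGroups != null) {
            for (String admin : ADMIN_GROUPS) {
                if (loginGroups.contains(admin)) return true; // order manager staff
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample data: order placed by party "10000", zip "84101".
        String owner = "10000", zip = "84101";
        System.out.println("zip check, anonymous caller who knows id and zip: "
            + allowByZip("10000", "84101", owner, zip));
        System.out.println("identity check, same anonymous caller: "
            + allowByIdentity(null, Set.of(), owner));
        System.out.println("identity check, owner logged in: "
            + allowByIdentity("10000", Set.of(), owner));
        System.out.println("identity check, ORDERADMIN staff (party 20000): "
            + allowByIdentity("20000", Set.of("ORDERADMIN"), owner));
        System.out.println("identity check, other customer (party 30000): "
            + allowByIdentity("30000", Set.of(), owner));
    }
}
```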
