[
https://issues.apache.org/jira/browse/FINERACT-2688?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Foo Developer updated FINERACT-2688:
------------------------------------
External issue URL: https://github.com/apache/fineract/pull/6128
> Loan disbursement fails for checker-only user despite having checker
> permission
> --------------------------------------------------------------------------------
>
> Key: FINERACT-2688
> URL: https://issues.apache.org/jira/browse/FINERACT-2688
> Project: Apache Fineract
> Issue Type: Bug
> Components: Organization
> Reporter: Foo Developer
> Priority: Major
> Labels: beginner, beginner-friendly
>
> When maker-checker is enabled and a user holds only the <ACTION>_CHECKER
> permission (e.g. DISBURSE_LOAN_CHECKER) but not the base permission,
> attempting to perform that action
> returns a permission error instead of routing to the pending approval
> queue.
>
>
>
>
> Root cause:
> PortfolioCommandSourceWritePlatformServiceImpl.logCommandSource() only called
> validateHasPermissionTo(taskPermission) unconditionally, rejecting any user
> who lacks
> the base permission — even if they are a legitimate checker. Similarly,
> CommandSourceService.validateMakerChecker() only marked a command as checked
> for CHECKER_SUPER_USER,
> ignoring role-specific _CHECKER permissions.
>
>
>
>
>
> Fix:
>
>
> - In logCommandSource(): detect checker-only users (have _CHECKER but not
> base permission), look up the pending AWAITING_APPROVAL command for the same
> action/entity/resource, and
> auto-approve it. Block makers from submitting duplicate pending entries.
>
>
> - In validateMakerChecker(): broaden the isApprovedByChecker condition to
> include _CHECKER role-specific permissions, not just CHECKER_SUPER_USER.
>
> - Add CommandSourceRepository.findPendingByActionAndEntityAndResource()
> native query.
>
> - Add two domain exceptions: MakerCheckerCheckerOnlyInitiationException,
> MakerCheckerDuplicatePendingSubmissionException
--
This message was sent by Atlassian Jira
(v8.20.10#820010)