[jira] [Commented] (OFBIZ-12380) User with only VIEW permission should not see 'editInvoice' screen/form

Jacques Le Roux (Jira) Sun, 14 Nov 2021 08:26:33 -0800


    [ 
https://issues.apache.org/jira/browse/OFBIZ-12380?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17443384#comment-17443384
 ]


Jacques Le Roux commented on OFBIZ-12380:
-----------------------------------------

BTW, are there no other cases like this one?

> User with only VIEW permission should not see 'editInvoice' screen/form
> -----------------------------------------------------------------------
>
>                 Key: OFBIZ-12380
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12380
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: accounting
>    Affects Versions: Trunk
>            Reporter: Pierre Smits
>            Assignee: Pierre Smits
>            Priority: Major
>              Labels: permissions
>
> Currently, when a user has only view permissions, as demonstrated in trunk 
> demo with userId = auditor, he/she/they can access the header of an invoice. 
> This shows a form with edit capabilities.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (OFBIZ-12380) User with only VIEW permission should not see 'editInvoice' screen/form

Reply via email to