[
https://issues.apache.org/jira/browse/OFBIZ-12893?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17836971#comment-17836971
]
Pierre Smits commented on OFBIZ-12893:
--------------------------------------
Hi Jacques,
bq. Sincerely I'll not backport to R18.12; and R20.01, like Zappa said, is not
dead, it just smells funny.
Indeed it does. Is r20.01 even a thing?
When you delve into where this rabbit hole (the menu-item 'security') leads,
you'll find that it does not pointto a screen in the party component, or even
the webtools component (where it is totally appropriate to have), but to the
common component in the framework folder.
> Screen Security in Party should not show create trigger to user with only
> VIEW permission.
> ------------------------------------------------------------------------------------------
>
> Key: OFBIZ-12893
> URL: https://issues.apache.org/jira/browse/OFBIZ-12893
> Project: OFBiz
> Issue Type: Improvement
> Components: party
> Affects Versions: Upcoming Branch
> Reporter: Pierre Smits
> Priority: Major
>
> When accessing
> [https://demo-trunk.ofbiz.apache.org/partymgr/control/FindSecurityGroup] as a
> user with only VIEW permissions (e.g. userId = auditor) the action trigger to
> create something is shown.
> This should not be visible to such a user as it leads to an undesired effect
> and diminished user experience.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
