[
https://issues.apache.org/jira/browse/OFBIZ-11784?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Anil K Patel reassigned OFBIZ-11784:
------------------------------------
Assignee: Anil K Patel
> setPackageInfo process requires ACCOUNTING_VIEW permission to view invoice PDF
> ------------------------------------------------------------------------------
>
> Key: OFBIZ-11784
> URL: https://issues.apache.org/jira/browse/OFBIZ-11784
> Project: OFBiz
> Issue Type: Bug
> Components: product
> Affects Versions: 17.12.03, Trunk, Upcoming Branch
> Reporter: Pierre Smits
> Assignee: Anil K Patel
> Priority: Major
> Labels: packing, permissions, refactoring, usability
>
> In the packing process (see [1]) links are shown to the invoice and the PDF
> thereof. The packer should not have access to the invoice details in
> accounting, but should be able to view the PDF for the invoice.
> However, in order to be able to generate the PDF the packer needs VIEW
> permissions to the accounting to execute
> https://demo-stable.ofbiz.apache.org/accounting/control/invoice.pdf?invoiceId=CI1&externalLoginKey=ELa5470e53-ff90-4977-896f-8302be1752b9
> This should not be as it provides the packer with access to all accounting
> sensitive data.
> [1] https://demo-stable.ofbiz.apache.org/facility/control/setPackageInfo
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
