[ http://issues.apache.org/jira/browse/OFBIZ-118?page=comments#action_12424304 ] BJ Freeman commented on OFBIZ-118: ----------------------------------
Adrian If I remember the wigets had not fully developed and you did some things in the bsh files. The ecommerce profile widget has security for login. what I would like to see is this plus a check if Admin rights. if Admin rights then override the login. That way Admins can see all, a further enhancement. Lets take the profile as an example. currently in ecommerces it is setup so only the login can view. in Party it can be seen by anyone. By making a change to it so if admin is viewing, then the admin can see any profile. Now companies have their own way of who has what permission or role. and ofbiz allows the consultant to create these. if say we think in in organization structure, and make groups that would fit different structures, then have a single group for the widget, these other structures can be added by the organization. > Roles and Security for Display of data. > --------------------------------------- > > Key: OFBIZ-118 > URL: http://issues.apache.org/jira/browse/OFBIZ-118 > Project: OFBiz (The Open for Business Project) > Issue Type: Improvement > Components: accounting, content, ecommerce, humanres, manufacturing, > marketing, order, party, product, workeffort > Affects Versions: SVN trunk > Reporter: BJ Freeman > > There is a need to be able to block viewing info except that info that may > pertain to that login (partyID) > The is not taking into consideration Admin or Managers levels. > for instance you have employees who should not be able to see each others > profiles, payroll information, and/or time sheets, as a few examples. > another area, if an communication event is set to private, no one but the > party ID associated with the email address should be able to see them. > So this is a discussion about how to best implement this. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
