[jira] [Commented] (OFBIZ-12893) Screen Security in Party should not show create trigger to user with only VIEW permission.

2024-04-15 Thread Jacques Le Roux (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-12893?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17837099#comment-17837099
 ] 

Jacques Le Roux commented on OFBIZ-12893:
-

Hi Pierre,

I don't know what I was thinking about. As I said
bq. It could be even backported
of course it should be backported to 18, but I'll not to the "smelly" (kidding) 
22 (indeed not 20)

> Screen Security in Party should not show create trigger to user with only 
> VIEW permission.
> --
>
> Key: OFBIZ-12893
> URL: https://issues.apache.org/jira/browse/OFBIZ-12893
> Project: OFBiz
> Issue Type: Improvement
> Components: party
> Affects Versions: Upcoming Branch
> Reporter: Pierre Smits
> Priority: Major
>
> When accessing 
> [https://demo-trunk.ofbiz.apache.org/partymgr/control/FindSecurityGroup] as a 
> user with only VIEW permissions (e.g. userId = auditor) the action trigger to 
> create something is shown.
> This should not be visible to such a user as it leads to an undesired effect 
> and diminished user experience.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)


[jira] [Commented] (OFBIZ-12893) Screen Security in Party should not show create trigger to user with only VIEW permission.

2024-04-14 Thread Pierre Smits (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-12893?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17836971#comment-17836971
 ] 

Pierre Smits commented on OFBIZ-12893:
--

Hi Jacques,

bq. Sincerely I'll not backport to R18.12; and R20.01, like Zappa said, is not 
dead, it just smells funny.
Indeed it does. Is r20.01 even a thing?

When you delve into where this rabbit hole (the menu-item 'security') leads, 
you'll find that it does not point to a screen in the party component, or even 
the webtools component (where it is totally appropriate to have), but to the 
common component in the framework folder.



[jira] [Commented] (OFBIZ-12893) Screen Security in Party should not show create trigger to user with only VIEW permission.

2024-04-14 Thread Jacques Le Roux (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-12893?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17836968#comment-17836968
 ] 

Jacques Le Roux commented on OFBIZ-12893:
-

Hi Pierre,

Sincerely I'll not backport to R18.12; and R20.01, like Zappa said, is not 
dead, it just smells funny.



[jira] [Commented] (OFBIZ-12893) Screen Security in Party should not show create trigger to user with only VIEW permission.

2024-04-13 Thread Pierre Smits (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-12893?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17836780#comment-17836780
 ] 

Pierre Smits commented on OFBIZ-12893:
--

Hi Jacques,

While it may be regarded as an issue of low severity (per your linked page), it 
should be regarded as higher because it all has to do with the appeal of OFBiz 
to potential adopters. When we OOTB show action triggers or create/edit pages 
to users (either via demo sites or in downloaded versions), the potential 
adopter may regard the product as not mature and costly to improve. And thus 
opt for other solutions.



[jira] [Commented] (OFBIZ-12893) Screen Security in Party should not show create trigger to user with only VIEW permission.

2024-02-06 Thread Jacques Le Roux (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-12893?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17814687#comment-17814687
 ] 

Jacques Le Roux commented on OFBIZ-12893:
-

That sounds reasonable to me indeed, would you provide a patch?

It could be even backported, it's a kind of low severity: 
https://security.apache.org/blog/severityrating/
