This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new 4f55f51 Fixed: VIEW permissions - error when accessing
PartyAccountsSummary (OFBIZ-12419) (#370)
4f55f51 is described below
commit 4f55f51ea4a56b437f7e503b5b47fa32c65178e5
Author: Pierre Smits <[email protected]>
AuthorDate: Tue Nov 30 11:33:34 2021 +0100
Fixed: VIEW permissions - error when accessing PartyAccountsSummary
(OFBIZ-12419) (#370)
When a user with VIEW permissions (e.g. auditor) access the
PartyAccountSummary via following uri, an error is shown.
https://demo-trunk.ofbiz.apache.org/accounting/control/PartyAccountsSummary
The Following Errors Occurred:
You haven't the permission for the service setAcctgCompany, reason : Access
refused
Modified: services_admin.xml
changed permission service check from "CREATE" to "VIEW".
---
applications/accounting/servicedef/services_admin.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/applications/accounting/servicedef/services_admin.xml
b/applications/accounting/servicedef/services_admin.xml
index 7b17169..6a522b7 100644
--- a/applications/accounting/servicedef/services_admin.xml
+++ b/applications/accounting/servicedef/services_admin.xml
@@ -84,7 +84,7 @@ under the License.
<service name="setAcctgCompany" engine="groovy"
location="component://accounting/groovyScripts/admin/AcctgAdminServices.groovy"
invoke="setAcctgCompany" auth="true">
<description>Set Accounting Company when select</description>
- <permission-service service-name="acctgPrefPermissionCheck"
main-action="CREATE"/>
+ <permission-service service-name="acctgPrefPermissionCheck"
main-action="VIEW"/>
<attribute type="String" mode="INOUT" name="organizationPartyId"
optional="true"/>
</service>
