Hi All,

Happy New Year!

I’ve fixed the issue of maker-checker process was not working.
Ticket for this issue: https://issues.apache.org/jira/browse/FINERACT-1977
Issue detailed: Even if the global configuration 'maker-checker' was enabled, 
and the action permission was marked as can_maker_checker true, the action was 
performed immediately and the result saved into the database. Although the 
command itself was marked with status ‘Awaiting approval’. When the command was 
approved, the action got performed again, and a new duplicated entity (for 
example create client) was saved into the database.

With the PR  https://github.com/apache/fineract/pull/3649, this issue has 
fixed. This PR is still open, please check, review, comment if you have any 
thoughts.

Additionally there was another request regarding the maker-checker concept, 
that the same user should not be able to check his own commands.
https://issues.apache.org/jira/browse/FINERACT-1980

The above PR also has the solution for this request. To remain backward 
compatible, I’ve introduced a new global configuration: 
'enable-same-maker-checker’
with the default enabled value: false. Default is false, because I think that 
the very essence of the maker-checker process is that it requires 4 eyes (2 
different users).
Please note, that you can still enable this configuration and continue allowing 
to check (approve/reject/delete) the commands by the same maker user.

There is one exception to this rule, if the checker user is a ‘Checker super 
user’, eg. he has permission to ‘CHECKER_SUPER_USER’ or  ‘ALL_FUNCTIONS’, he 
can still check his own commands.
Additionally, since these special users have the right to check the command 
anyway, already at the maker step (if the maker user is a checker super user) 
we perform the action. The command will have both the maker and checker users 
and dates set, but the status will be PROCESSED.
This is a great possibility to perform maker-checker permitted actions in 
batch, initiated by a trusted client.

Regards,
Marta Jankovics

Reply via email to