Hi All, Happy New Year!
I’ve fixed the issue of maker-checker process was not working. Ticket for this issue: https://issues.apache.org/jira/browse/FINERACT-1977 Issue detailed: Even if the global configuration 'maker-checker' was enabled, and the action permission was marked as can_maker_checker true, the action was performed immediately and the result saved into the database. Although the command itself was marked with status ‘Awaiting approval’. When the command was approved, the action got performed again, and a new duplicated entity (for example create client) was saved into the database. With the PR https://github.com/apache/fineract/pull/3649, this issue has fixed. This PR is still open, please check, review, comment if you have any thoughts. Additionally there was another request regarding the maker-checker concept, that the same user should not be able to check his own commands. https://issues.apache.org/jira/browse/FINERACT-1980 The above PR also has the solution for this request. To remain backward compatible, I’ve introduced a new global configuration: 'enable-same-maker-checker’ with the default enabled value: false. Default is false, because I think that the very essence of the maker-checker process is that it requires 4 eyes (2 different users). Please note, that you can still enable this configuration and continue allowing to check (approve/reject/delete) the commands by the same maker user. There is one exception to this rule, if the checker user is a ‘Checker super user’, eg. he has permission to ‘CHECKER_SUPER_USER’ or ‘ALL_FUNCTIONS’, he can still check his own commands. Additionally, since these special users have the right to check the command anyway, already at the maker step (if the maker user is a checker super user) we perform the action. The command will have both the maker and checker users and dates set, but the status will be PROCESSED. This is a great possibility to perform maker-checker permitted actions in batch, initiated by a trusted client. Regards, Marta Jankovics
