Hello all, We use *<if-has-permission* element for checking the specified permission of logged in party. There are two supported attributes as well in which *permission *is mandatory and *action *is optional. If action is not passed then it looks for specific permission.
*For Example: * <if-has-permission permission="LABEL_MANAGER_VIEW"/> It should be like <if-has-permission permission="LABEL_MANAGER" action="_VIEW"/> - Now if someone has LABEL_MANAGER_ADMIN permission, then that user won't be granted permission. It should check for _ADMIN permission as well. This is properly handled when you pass action attribute, it checks for specific permission passed and _ADMIN permission as well. Proposed solution: We must use permission and action attributes at every such code occurrences to avoid this situation. -- Best Regards, *Suraj Khurana* | Sr. Enterprise Software Engineer HotWax Commerce by HotWax Systems Plot no. 80, Scheme no. 78, Vijay Nagar, Indore, M.P. India 452010