[
https://issues.apache.org/jira/browse/OFBIZ-11784?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pierre Smits updated OFBIZ-11784:
---------------------------------
Labels: packing permissions refactoring usability (was: packing
refactoring usability)
> setPackageInfo process requires ACCOUNTING_VIEW permission to view invoice PDF
> ------------------------------------------------------------------------------
>
> Key: OFBIZ-11784
> URL: https://issues.apache.org/jira/browse/OFBIZ-11784
> Project: OFBiz
> Issue Type: Bug
> Components: product
> Affects Versions: 17.12.03, Trunk
> Reporter: Pierre Smits
> Priority: Major
> Labels: packing, permissions, refactoring, usability
>
> In the packing process (see [1]) links are shown to the invoice and the PDF
> thereof. The packer should not have access to the invoice details in
> accounting, but should be able to view the PDF for the invoice.
> However, in order to be able to generate the PDF the packer needs VIEW
> permissions to the accounting to execute
> https://demo-stable.ofbiz.apache.org/accounting/control/invoice.pdf?invoiceId=CI1&externalLoginKey=ELa5470e53-ff90-4977-896f-8302be1752b9
> This should not be as it provides the packer with access to all accounting
> sensitive data.
> [1] https://demo-stable.ofbiz.apache.org/facility/control/setPackageInfo
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
