[ https://issues.apache.org/jira/browse/OFBIZ-11784?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Pierre Smits updated OFBIZ-11784: --------------------------------- Labels: packing permissions refactoring usability (was: packing refactoring usability) > setPackageInfo process requires ACCOUNTING_VIEW permission to view invoice PDF > ------------------------------------------------------------------------------ > > Key: OFBIZ-11784 > URL: https://issues.apache.org/jira/browse/OFBIZ-11784 > Project: OFBiz > Issue Type: Bug > Components: product > Affects Versions: 17.12.03, Trunk > Reporter: Pierre Smits > Priority: Major > Labels: packing, permissions, refactoring, usability > > In the packing process (see [1]) links are shown to the invoice and the PDF > thereof. The packer should not have access to the invoice details in > accounting, but should be able to view the PDF for the invoice. > However, in order to be able to generate the PDF the packer needs VIEW > permissions to the accounting to execute > https://demo-stable.ofbiz.apache.org/accounting/control/invoice.pdf?invoiceId=CI1&externalLoginKey=ELa5470e53-ff90-4977-896f-8302be1752b9 > This should not be as it provides the packer with access to all accounting > sensitive data. > [1] https://demo-stable.ofbiz.apache.org/facility/control/setPackageInfo -- This message was sent by Atlassian Jira (v8.3.4#803005)