[
https://issues.apache.org/jira/browse/OFBIZ-12380?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17443382#comment-17443382
]
ASF subversion and git services commented on OFBIZ-12380:
---------------------------------------------------------
Commit 8cdfc8e095f98fb7f7e67a05dcca4c0f0999feb3 in ofbiz-framework's branch
refs/heads/trunk from Pierre Smits
[ https://gitbox.apache.org/repos/asf?p=ofbiz-framework.git;h=8cdfc8e ]
Improved: view permission vis a vis editinvoice (OFBIZ-12380) (#340)
added:
- AccountingMenus.xml: added permission conditions to 'editInvoice' menu-item
- InvoiceScreens.xml: added permission conditions to EditInvoice scrreen,
reworked fail-widget
> User with only VIEW permission should not see 'editInvoice' screen/form
> -----------------------------------------------------------------------
>
> Key: OFBIZ-12380
> URL: https://issues.apache.org/jira/browse/OFBIZ-12380
> Project: OFBiz
> Issue Type: Improvement
> Components: accounting
> Affects Versions: Trunk
> Reporter: Pierre Smits
> Assignee: Pierre Smits
> Priority: Major
> Labels: permissions
>
> Currently, when a user has only view permissions, as demonstrated in trunk
> demo with userId = auditor, he/she/they can access the header of an invoice.
> This shows a form with edit capabilities.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
