[
https://issues.apache.org/jira/browse/OFBIZ-12380?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17443386#comment-17443386
]
Pierre Smits commented on OFBIZ-12380:
--------------------------------------
Hi Jacques,
We won't be able to tell unless we go investigate. Any contributor can do that
investigation.
> User with only VIEW permission should not see 'editInvoice' screen/form
> -----------------------------------------------------------------------
>
> Key: OFBIZ-12380
> URL: https://issues.apache.org/jira/browse/OFBIZ-12380
> Project: OFBiz
> Issue Type: Improvement
> Components: accounting
> Affects Versions: Trunk
> Reporter: Pierre Smits
> Assignee: Pierre Smits
> Priority: Major
> Labels: permissions
> Fix For: Upcoming Branch
>
>
> Currently, when a user has only view permissions, as demonstrated in trunk
> demo with userId = auditor, he/she/they can access the header of an invoice.
> This shows a form with edit capabilities.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
