[jira] [Commented] (OFBIZ-12384) User with only 'VIEW' permissions should not editable fields and request triggers re invoice payments

Wed, 17 Nov 2021 05:02:18 -0800 


    [ 
https://issues.apache.org/jira/browse/OFBIZ-12384?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17445152#comment-17445152
 ] 

Jacques Le Roux commented on OFBIZ-12384:
-----------------------------------------

Hi Pierre,

After an OK review, to test before blindly pushing I used the patch at 
[https://patch-diff.githubusercontent.com/raw/apache/ofbiz-framework/pull/344.patch]
It maybe does not depend on your PR, but the 2 renamings are not working.

Following 
https://stackoverflow.com/questions/26111224/how-to-properly-apply-a-patch-with-moved-renamed-files-using-git
I got:
{noformat}
C:\projectsASF\Git\ofbiz-framework>git am OFBIZ-12384.patch
error: corrupt patch at line 361
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Applying: Improved: Invoice Payments for user with 'VIEW' permission 
(OFBIZ-12384)
Patch failed at 0001 Improved: Invoice Payments for user with 'VIEW' permission 
(OFBIZ-12384)
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".
{noformat}
Maybe a WIndows quirk (page encoding or BOM stuff)...

So I did
{quote} rename applications/accounting/groovyScripts/invoice/ 
\{CreateApplicationList.groovy => InvoicePayments.groovy} (100%)
{quote}
by hand and it worked

I just wonder if instead of hiding all the possible paiements we should not 
only disallow possible amounts changes?
As in 
https://demo-trunk.ofbiz.apache.org/accounting/control/editInvoiceApplications?invoiceId=8010

> User with only 'VIEW' permissions should not editable fields and request 
> triggers re invoice payments
> -----------------------------------------------------------------------------------------------------
>
>                 Key: OFBIZ-12384
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12384
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: accounting
>    Affects Versions: Trunk
>            Reporter: Pierre Smits
>            Priority: Major
>              Labels: invoice, usability
>
> Currently, a user with only 'VIEW' permissions, as demonstrated in trunk demo 
> with userId = auditor, accessing the payments screen on an invoice sees 
> fields editable and triggers to requests reserved for users with 'CREATE' or 
> 'UPDATE' permissions.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to