[ https://issues.apache.org/jira/browse/OFBIZ-12419?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17450633#comment-17450633 ]

Pierre Smits commented on OFBIZ-12419:
--------------------------------------

The request "PartyAccountsSummary" has an event that invokes the 
"setAcctgCompany" service, which is about setting user preferences. This 
service, however, has a permission-service "acctgPrefPermissionCheck" with 
main-action="CREATE" permissions.

This main-action="CREATE" is incorrect for this service. It should have been 
main-action="VIEW". The user must be able to access (a record in) the 
PartyAcctgPreference table, so that details from that record can be used to set 
his/her/their UserPreference via service "setUserPreference".

> VIEW permissions - error when accessing PartyAccountsSummary
> ------------------------------------------------------------
>
>                 Key: OFBIZ-12419
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12419
>             Project: OFBiz
>          Issue Type: Bug
>          Components: accounting
>    Affects Versions: Trunk
>            Reporter: Pierre Smits
>            Priority: Major
>              Labels: gl-account, permissions, usability
>
> When a user with VIEW permissions (e.g. auditor) accesses the 
> PartyAccountsSummary via the following URI, an error is shown.
> [https://demo-trunk.ofbiz.apache.org/accounting/control/PartyAccountsSummary]
> {code:java}
> The Following Errors Occurred:
> You haven't the permission for the service setAcctgCompany, reason : Access 
> refused {code}
>  
>  



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
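
One way to catch this kind of mismatch across a services file, as an added example that is not part of the original message or of OFBiz's code: parse each service's permission-service declaration and compare its main-action with what a reviewer expects. The XML fragment is constructed; only "setAcctgCompany", "acctgPrefPermissionCheck" and the CREATE/VIEW actions come from the comment above, while the other service names and the EXPECTED_ACTION policy are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Only setAcctgCompany, acctgPrefPermissionCheck and the
# main-action values come from the comment; the rest is illustrative.
SAMPLE_SERVICES_XML = """
<services>
    <service name="setAcctgCompany" auth="true">
        <permission-service service-name="acctgPrefPermissionCheck" main-action="CREATE"/>
    </service>
    <service name="exampleCreatePreference" auth="true">
        <permission-service service-name="acctgPrefPermissionCheck" main-action="CREATE"/>
    </service>
    <service name="exampleUnprotectedService" auth="true"/>
</services>
"""

# Hypothetical reviewer-supplied policy: the action each service should require.
EXPECTED_ACTION = {
    "setAcctgCompany": "VIEW",
    "exampleCreatePreference": "CREATE",
    "exampleUnprotectedService": "VIEW",
}

def declared_actions(xml_text):
    """Map service name -> (permission service, main-action), or None if absent."""
    result = {}
    for svc in ET.fromstring(xml_text).iter("service"):
        perm = svc.find("permission-service")
        result[svc.get("name")] = (
            (perm.get("service-name"), perm.get("main-action"))
            if perm is not None else None
        )
    return result

def audit(xml_text, expected):
    """Return (service, what was found, expected action) for every mismatch."""
    findings = []
    for name, decl in declared_actions(xml_text).items():
        want = expected.get(name)
        if decl is None:
            findings.append((name, "no permission-service declared", want))
        elif want is not None and decl[1] != want:
            findings.append((name, f"{decl[0]} main-action={decl[1]}", want))
    return findings

if __name__ == "__main__":
    for name, found, want in audit(SAMPLE_SERVICES_XML, EXPECTED_ACTION):
        print(f"{name}: found {found}, expected main-action={want}")
```

The check reports both directions: a service that demands more than its callers hold (the case in this issue) and a service with no permission check at all.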