[
https://issues.apache.org/jira/browse/OFBIZ-12429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17453340#comment-17453340
]
Pierre Smits commented on OFBIZ-12429:
--------------------------------------
Bonjour Jacques,
Thank you for the feedback.
My apologies. I should have provided means to test this in trunk in the
description of the ticket.
This is what I did this morning (after your comment, before this comment)
regarding
[https://demo-trunk.ofbiz.apache.org/accounting/control/invoiceOverview?invoiceId=demo10001]
# I logged into accounting with userId=admin, and went to above mentioned
invoice.
# There I added a term for the invoice, and went back to the overview page of
the invoice.
# After logging out of the environment as user=admin, and logging in as
user=auditior I went back into the invoice.
# I observed in the section of the terms that a term line is visible which has
triggers (buttons) reserved for users with CREATE/UPDATE permissions (see
attached image).
> VIEW permissions - invoice overview term triggers
> -------------------------------------------------
>
> Key: OFBIZ-12429
> URL: https://issues.apache.org/jira/browse/OFBIZ-12429
> Project: OFBiz
> Issue Type: Improvement
> Components: accounting
> Affects Versions: Trunk
> Reporter: Pierre Smits
> Assignee: Pierre Smits
> Priority: Major
> Labels: invoice, overview, permissions, usability
> Attachments: Screenshot 2021-12-04 at 10.40.39.png
>
>
> Currently, when using a userId with only VIEW permission, the section terms
> shows triggers to term line items in the invoice overview. This should not
> be, as those triggers on the line items are reserved for users with
> CREATE/UPDATE permissions.
> See (test with):
> https://localhost:8443/accounting/control/invoiceOverview?invoiceId=demo10001
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
