[
https://issues.apache.org/jira/browse/OFBIZ-12384?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pierre Smits updated OFBIZ-12384:
---------------------------------
Description:
Currently, a user with only 'VIEW' permissions, as demonstrated in trunk demo
with userId = auditor, accessing the payments screen on an invoice sees fields
editable and triggers to requests reserved for users with 'CREATE' or 'UPDATE'
permissions.
To see (test):
https://demo-trunk.ofbiz.apache.org/accounting/control/editInvoiceApplications?invoiceId=demo10001
was:Currently, a user with only 'VIEW' permissions, as demonstrated in trunk
demo with userId = auditor, accessing the payments screen on an invoice sees
fields editable and triggers to requests reserved for users with 'CREATE' or
'UPDATE' permissions.
> User with only 'VIEW' permissions and invoice payments
> ------------------------------------------------------
>
> Key: OFBIZ-12384
> URL: https://issues.apache.org/jira/browse/OFBIZ-12384
> Project: OFBiz
> Issue Type: Improvement
> Components: accounting
> Affects Versions: Trunk
> Reporter: Pierre Smits
> Assignee: Pierre Smits
> Priority: Major
> Labels: invoice, usability
>
> Currently, a user with only 'VIEW' permissions, as demonstrated in trunk demo
> with userId = auditor, accessing the payments screen on an invoice sees
> fields editable and triggers to requests reserved for users with 'CREATE' or
> 'UPDATE' permissions.
> To see (test):
> https://demo-trunk.ofbiz.apache.org/accounting/control/editInvoiceApplications?invoiceId=demo10001
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
