[
https://issues.apache.org/jira/browse/OFBIZ-12489?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17480587#comment-17480587
]
Jacques Le Roux commented on OFBIZ-12489:
-----------------------------------------
Hi Michael,
Thanks for taking care of labels, I totally agree with you.
As can be seen at
https://github.com/apache/ofbiz-framework/pull/437/commits/acf61239447f048bcabb32931939edbcf8c926e4
and
https://github.com/apache/ofbiz-framework/pull/451/commits/2830fb09ba31a18be5f5e9b55ef2cc962fb51dd1
By co-authoring I already took care of similar cases before merging and pushing
these PRs.
As you have already made a good part of the work by spotting the issues, rather
than blindy reverting commits, I invite you as doing the samen now in the trunk.
Same applies to OFBIZ-12494. If you are enable to do it, I might pick those
cases in future. It not as easy as it might be seen. But reverting is not here
the solution, nobody's perfect.
> Product Prices - VIEW permissions
> ---------------------------------
>
> Key: OFBIZ-12489
> URL: https://issues.apache.org/jira/browse/OFBIZ-12489
> Project: OFBiz
> Issue Type: Improvement
> Components: product/catalog
> Affects Versions: Upcoming Branch
> Reporter: Pierre Smits
> Assignee: Pierre Smits
> Priority: Major
> Labels: permissions, price, product, trust, usability, ux
> Fix For: Upcoming Branch
>
>
> Currently, a user with only 'VIEW' permissions, as demonstrated in trunk demo
> with userId = auditor, accessing the product prices screen, sees editable
> fields and/or triggers (to requests) reserved for users with 'CREATE' or
> 'UPDATE' permissions.
> See (test with):
> https://localhost:8443/catalog/control/EditProductPrices?productId=WG-9943
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
