[
https://issues.apache.org/jira/browse/OFBIZ-12489?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17481099#comment-17481099
]
Jacques Le Roux commented on OFBIZ-12489:
-----------------------------------------
[~mbrohl]
As I felt unfair your 1st comment in this Jira about me neglecting labels,
notably favorising commons against more specific ones, here is a complement to
my 1st answer. After pushing Pierre's PR more than a week ago, I felt committed
to get in the right direction.
https://github.com/apache/ofbiz-framework/commit/c3fa39ce8e9f48a050e8011a7e7fee235954a96b
https://github.com/apache/ofbiz-framework/commit/8a9596be849f6709cb17c24a598c4862e8df867c
(see HumanresMenus.xml)
https://github.com/apache/ofbiz-framework/commit/d599d7718b60f608c013396779c41916c774e84b
https://github.com/apache/ofbiz-framework/commit/092f8f532a628d56174c5eb8850774c61375c0c2
https://github.com/apache/ofbiz-framework/commit/b3ae5057149df6639e8fcf3f9043cb7d6a9ac692
are parts or this work, I hope you appreciate that.
I also hope that, despite Pierre's laziness of privileging commons labels, this
will serve as a lesson to him. No it's not an easy work, just try it!
> Product Prices - VIEW permissions
> ---------------------------------
>
> Key: OFBIZ-12489
> URL: https://issues.apache.org/jira/browse/OFBIZ-12489
> Project: OFBiz
> Issue Type: Improvement
> Components: product/catalog
> Affects Versions: Upcoming Branch
> Reporter: Pierre Smits
> Assignee: Pierre Smits
> Priority: Major
> Labels: permissions, price, product, trust, usability, ux
> Fix For: Upcoming Branch
>
>
> Currently, a user with only 'VIEW' permissions, as demonstrated in trunk demo
> with userId = auditor, accessing the product prices screen, sees editable
> fields and/or triggers (to requests) reserved for users with 'CREATE' or
> 'UPDATE' permissions.
> See (test with):
> https://localhost:8443/catalog/control/EditProductPrices?productId=WG-9943
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
