Skip to content

Improved: VIEW permissions FinAccount roles (OFBIZ-12435) #393

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
JacquesLeRoux merged 1 commit into from
Dec 7, 2021
Merged

Improved: VIEW permissions FinAccount roles (OFBIZ-12435) #393

JacquesLeRoux merged 1 commit into from
Dec 7, 2021

Conversation

@PierreSmits
Copy link
Member

@PierreSmits PierreSmits commented Dec 7, 2021
edited by JacquesLeRoux
Loading

Currently, a user with only 'VIEW' permissions, as demonstrated in trunk demo with userId = auditor, accessing the Financial Account Roles screen sees editable fields and/or triggers (to requests) reserved for users with 'CREATE' or 'UPDATE' permissions.

See (test with): https://demo-trunk.ofbiz.apache.org/accounting/control/EditFinAccount?finAccountId=ABN_CHECKING

Modified:
FinAccountScreens.xml - restructured EditFinAccount
FinAccountForms.xml - added FinAccountRoles form, restructured ListFinAccountRoles

@PierreSmits
Improved: VIEW permissions FinAccount roles (OFBIZ-12435)
cbad437 
Currently, a user with only 'VIEW' permissions, as demonstrated in trunk demo with userId = auditor, accessing the Financial Account Roles screen  sees editable fields and/or triggers (to requests) reserved for users with 'CREATE' or 'UPDATE' permissions.

See (test with): [https://demo-trunk.ofbiz.apache.org/accounting/control/EditFinAccount?finAccountId=ABN_CHECKING]

Modified:
FinAccountScreens.xml - restructured EditFinAccount
FinAccountForms.xml - added FinAccountRoles form, restructured ListFinAccountRoles
@sonarqubecloud
Copy link

sonarqubecloud bot commented Dec 7, 2021

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

@JacquesLeRoux
Copy link
Contributor

JacquesLeRoux commented Dec 7, 2021

Pierre,

I guess you will continue to disable for auditor (or alike) the screens accessible from this screen? As it would not make sense to disable the menus themselves, right?

@JacquesLeRoux JacquesLeRoux merged commit 3aaa1f8 into apache:trunk Dec 7, 2021
@PierreSmits
Copy link
Member Author

PierreSmits commented Dec 7, 2021

Hi Jacques,

Thanks for the question.
How do you mean 'disable the menus'? As in the whole menu for a given screen? Or multiple screens related to same object?

How would users then go from one sub element to another given the same object?

@PierreSmits PierreSmits deleted the OFBIZ-12435-VIEW-FinAccount-Roles branch December 7, 2021 17:04
@JacquesLeRoux
Copy link
Contributor

JacquesLeRoux commented Dec 7, 2021

Forget it, I just meant that the screens accessible from the sub-menus should still be accessible, nothing new.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@PierreSmits @JacquesLeRoux