New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Website users don't have read access to GL Entry #9187
Comments
My question would be - why would you want that? GL is back end. SINV and RFQ for for customers, which would be for website users. |
I guess you need like a portal view of the Statement of Account that is generated when the general ledger is printed Hi @umairsy is there any specific reason why the GL Entry doctype does not give permission to the role All for display? Other doctypes give this permission to All. |
I see this as a major security issue. You should not expose major back-end functionality like this to a web portal. I still don't understand the use case. What is it you are trying to accomplish? How can you control what the customer sees when the way things work now you can't hard code filters and such. |
The use case is the ability of a Customer to view a statement of all his/her Accounts Receivable interactions (sales invoices, payments, journal entry) on the portal view. We are not looking to reproduce the reporting view but a constrained view that by default filters the transaction listed to those of the logged in user only. Something like the screenshot below. |
I think another way to ask the question is, what is the best way to give a web user access to all the accounting transactions they have made on the ERPNext? |
And being able to activate quotes, orders, invoices and shipments out of the box is not enough? |
I don't think these are enough since the ability to view an online customer statement is a reasonable feature to expect (especially for subscription-type services) and quotes, orders, invoices and shipments don't make a customer statement. Customer-related Sales Invoices, Payments and Journal Entries do and they all already happen to be in the GL Entry doctype. I don't see why GL Entry shouldn't have read-access for role All (especially when the All role can already read all Sales Invoices by default). |
I agree with @ckosiegbu, GL report should be a specially configured feature if required, not based on permissions |
Is there a reason why website users don't have read access to the GL Entry doctype but have access to doctypes like Sales Invoices and Request For Quotation?
The text was updated successfully, but these errors were encountered: