-
Notifications
You must be signed in to change notification settings - Fork 32
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Apply role permissions when browsing/editing data #341
Comments
the only reason we add this empty tab is because we want this "placeholder" window to be discovered by role access update process. metasfresh/metasfresh-webui-api-legacy#341
fixed: the manufacturing order -> Issue / Receipt could not be open. |
[#702](metasfresh/metasfresh-webui-frontend-legacy#702) Running a process from menu does not work, again [#342](metasfresh/metasfresh-webui-api-legacy#342) Exception in WebUI when opening initial Doc Outbound window [#886](#866) Make payment callouts work in webui [#341](metasfresh/metasfresh-webui-api-legacy#341) Apply role permissions when browsing/editing data [#340](metasfresh/metasfresh-webui-api-legacy#340) Manufacturing order: Prevent issuing VHUs which are not top level [#700](metasfresh/metasfresh-webui-frontend-legacy#700) Typeahead not working in lookup filter parameters [#1435](#1435) Add method for Escaping '@' char, by replacing one @ with double @@ [#330](metasfresh/metasfresh-webui-api-legacy#330) Implement webui HUEditor support for massive amount of HUs [#1315](#1315) 2D Barcode wit ad_table_id/ record_id on bestellkontrolle [#675](metasfresh/metasfresh-webui-frontend-legacy#675) Icons for manufacturing components [#334](metasfresh/metasfresh-webui-api-legacy#334) switch filters to primary layout [#697](metasfresh/metasfresh-webui-frontend-legacy#697) New Businesspartner modal overlay cancel [#257](metasfresh/metasfresh-webui-api-legacy#257) BPartner contact cannot be saved because mandatory field Name is not set me-45
Results of IT1 repeated testcases above:
Swing:
|
minor fix to enforce window access when the frontend acquires the window layouts |
IT
|
@metas-lc if role admin has access to all orgs your cases seem fine to me |
Is this a bug or feature request?
Bug
What is the current behavior?
When browsing or editing documents or views the role permissions are not applied at all.
So basically, you can view, edit, delete system records as a regular user.
Which are the steps to reproduce?
Login with non-System role:
browse AD_Elements which shall be visible only for SysAdm: https://w101.metasfresh.com:8443/window/151
=> shall not be allowed
browse currencies: https://w101.metasfresh.com:8443/window/115 => shall be visible
Login with System role:
steps above shall work
NOTE to IT:
The text was updated successfully, but these errors were encountered: