OBPIH-4001 Make admin, manager, assistant be able to delete pending POs #3388
Conversation
| <g:supports activityCode="${ActivityCode.PLACE_ORDER}"> | ||
| <g:if test="${orderInstance?.orderType == PURCHASE_ORDER}"> | ||
| <g:supports activityCode="${ActivityCode.PLACE_ORDER}"> | ||
| <g:isSuperuser> |
There was a problem hiding this comment.
Since this was already there we can leave (and refactor later) but just wanted to point out that this could be a performance issue since _actions.gsp is likely being rendered for each order on the List Orders page. The max results parameter is usually set to 10, so this would be rendered at most 10 times. But it's still not great, especially since it's being called multiple times within the _actions.gsp and each time it's called there are likely database queries involved.
There was a problem hiding this comment.
With that said, I don't know the best approach here. I think Spring Security uses a thread local to store the authenticated user and their authorities. We do something similar with AuthService but it's not widely used and as far as I can remember I don't think it's being invoked in g:isSuperuser.
The main problem to fix was that the
Delete orderbutton was visible only for superusers and that I had to figure out how to prevent<g:link>of disabling the button after making is visible not only for superusers.Deleting now works for role at least Assistant, so for roles: Superuser, Admin, Manager, Assistant.