OBPIH-5163 Users with Browser permissions can't see the PO list page #3652
@@ -1133,7 +1133,7 @@ openboxes.security.rbac.rules = [ | |||
[controller: 'glAccount', actions: ['delete'], accessRules: [minimumRequiredRole: RoleType.ROLE_SUPERUSER]], | |||
[controller: 'glAccountType', actions: ['delete'], accessRules: [minimumRequiredRole: RoleType.ROLE_SUPERUSER]], | |||
[controller: 'preferenceType', actions: ['delete'], accessRules: [minimumRequiredRole: RoleType.ROLE_SUPERUSER]], | |||
[controller: 'purchaseOrderApi', actions: ['*'], accessRules: [ minimumRequiredRole: RoleType.ROLE_ASSISTANT]], | |||
[controller: 'purchaseOrderApi', actions: ['delete'], accessRules: [ minimumRequiredRole: RoleType.ROLE_ASSISTANT]], |
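Review bot: On the `purchaseOrderApi` rule, narrowing `actions` from `['*']` to `['delete']` drops the `ROLE_ASSISTANT` minimum from every other action on that controller, not only the list view named in the PR title. Each state-changing action on `purchaseOrderApi` should get its own entry in this list, next to the `delete` rule, with the role it requires, so the requirement is enforced by these rules and not only by the UI.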
Should `rollback` action also be available to everyone?
Rollback depends on Approver role and we check it on the frontend side:
```js
const rollbackHandler = (id) => {
  if (!isUserApprover) {
    Alert.error(translate(
      'react.default.errors.noPermissions.label',
      'You do not have permissions to perform this action',
    ));
    return;
  }
  (....)
```
But through the API you can now do this having any kind of role. So it should also be here if you need a supplementary role Approver.
…3652) * OBPIH-5163 Users with Browser permissions can't see the PO list page * OBPIH-5163 Add rule for rollback action for purchase orders * OBPIH-5163 Fix supplementalRoles to be list
Confirmed with Katarzyna, that delete should be still only for >= Assistants
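
The point raised in this review thread, as an added sketch that is not OpenBoxes code: a simplified rule matcher showing which `purchaseOrderApi` actions lose server-side coverage when the wildcard is narrowed, and how a separate `rollback` rule closes the gap. The matching semantics, the role ordering, the `ROLE_BROWSER` and `ROLE_APPROVER` names, the action list and the allow-when-no-rule-matches default are assumptions made for illustration.

```javascript
// Added illustration: a simplified rule matcher, not the OpenBoxes implementation.
// Assumed: role ordering, ROLE_BROWSER / ROLE_APPROVER names, and that a request
// with no matching rule is allowed for any signed-in user.
const RANK = { ROLE_BROWSER: 1, ROLE_ASSISTANT: 2, ROLE_SUPERUSER: 3 };

// First rule whose controller matches and whose actions contain the action or '*'.
function findRule(rules, controller, action) {
  return rules.find((r) => r.controller === controller &&
    (r.actions.includes('*') || r.actions.includes(action))) || null;
}

function isAllowed(rules, user, controller, action) {
  const rule = findRule(rules, controller, action);
  if (!rule) return true; // no rule: nothing on the server restricts the call
  const { minimumRequiredRole, supplementalRoles = [] } = rule.accessRules;
  const rankOk = !minimumRequiredRole || RANK[user.role] >= RANK[minimumRequiredRole];
  const extrasOk = supplementalRoles.every((s) => user.supplemental.includes(s));
  return rankOk && extrasOk;
}

// Review helper: which of the given actions have no server-side rule at all.
function uncoveredActions(rules, controller, actions) {
  return actions.filter((a) => findRule(rules, controller, a) === null);
}

// Rule tables mirroring the diff: wildcard rule, narrowed rule, narrowed plus rollback.
const before = [{ controller: 'purchaseOrderApi', actions: ['*'],
  accessRules: { minimumRequiredRole: 'ROLE_ASSISTANT' } }];
const narrowed = [{ controller: 'purchaseOrderApi', actions: ['delete'],
  accessRules: { minimumRequiredRole: 'ROLE_ASSISTANT' } }];
const withRollback = [...narrowed, { controller: 'purchaseOrderApi', actions: ['rollback'],
  accessRules: { supplementalRoles: ['ROLE_APPROVER'] } }];

// Constructed sample users and action list.
const browser = { role: 'ROLE_BROWSER', supplemental: [] };
const approver = { role: 'ROLE_BROWSER', supplemental: ['ROLE_APPROVER'] };
const poActions = ['list', 'delete', 'rollback'];

console.log('uncovered after narrowing:', uncoveredActions(narrowed, 'purchaseOrderApi', poActions));
console.log('uncovered with rollback rule:', uncoveredActions(withRollback, 'purchaseOrderApi', poActions));
```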