
Fixed: PaymentGroup Cancel button is shown to viewer (OFBIZ-12820)

Open PierreSmits opened this issue 1 year ago • 3 comments

Currently when a user with only view permissions accesses the PaymentGroup overview, as demonstrated in demo-trunk with userid=auditor, the action trigger to cancel a PaymentGroup is shown. See attached image.

modified: PaymentGroupForms.xml

  • removed action trigger field regarding cancelCheckRunPayments

PierreSmits, Feb 17 '24 08:02

Quality Gate passed

Issues
0 New issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

sonarqubecloud[bot], Feb 17 '24 08:02

It looks like the action is simply removed for everyone instead of checking the permission?

mbrohl, Feb 17 '24 09:02

The trigger to cancel a PaymentGroup is still available on the page of the PaymentGroup. See https://demo-trunk.ofbiz.apache.org/accounting/control/PaymentGroupOverview?paymentGroupId=9000.

IMO, cancelling a PaymentGroup in an overview with less detail than available in the page of the PaymentGroup should be discouraged as accidental cancellations do happen.

PierreSmits, Feb 27 '24 12:02