[JIRA] Commented: (OFBIZ-638) Role-based security for party manager create/update/delete operations

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[JIRA] Commented: (OFBIZ-638) Role-based security for party manager create/update/delete operations

JIRA jira@ofbiz.org
     [ http://jira.undersunconsulting.com/browse/OFBIZ-638?page=comments#action_14054 ]
     
Marco Risaliti commented on OFBIZ-638:
--------------------------------------

Can we close it or move it ?

Thanks
Marco

> Role-based security for party manager create/update/delete operations
> ---------------------------------------------------------------------
>
>          Key: OFBIZ-638
>          URL: http://jira.undersunconsulting.com/browse/OFBIZ-638
>      Project: [OFBiz] Open For Business
>         Type: Improvement
>   Components: party
>     Reporter: Si Chen
>     Assignee: Jira Administrator

>
>
> Currently most party manager operations do a security check to see if:
> 1.  You have permission for this operation (ie, you're allowed to change addresses) or
> 2.  You are the owner of the record (ie, you're changing your own address)
> This enhancement will add a role-based security check so that there is a new permission which requires PartyRole/PartyRelationship, so you can also perform the operation if:
> 3.  You have a role-based security permission and you are associated to the party through the role (ie, you're allowed to change addresses for your customers, and this is one of your customers)

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://jira.undersunconsulting.com/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira