[
https://issues.apache.org/jira/browse/OFBIZ-11703?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17107460#comment-17107460 ]
Pierre Smits commented on OFBIZ-11703:
--------------------------------------
That should be obvious,
But try this:
# go to [
https://demo-trunk.ofbiz.apache.org/myportal]
# login with userId=*DemoCustomer* and password=*ofbiz*
# then click on the name shown in the header (when using the bluelight, flatgrey or tomahawk theme) or on the name in the dropdown widget (when using a rainbowstone theme variant)
OFBiz then opens a new login screen.
Not every user is intended to have direct access to the party component. If such user need to see their profile, we have such functionality available in the myportal component.
Better is it to remove the functionality in the header. As solved in the PR.
> Themes provides link to partymgr in headers
> -------------------------------------------
>
> Key: OFBIZ-11703
> URL:
https://issues.apache.org/jira/browse/OFBIZ-11703> Project: OFBiz
> Issue Type: Bug
> Components: themes
> Affects Versions: 17.12.03, Trunk
> Reporter: Pierre Smits
> Assignee: Pierre Smits
> Priority: Major
> Labels: Rainbow, bluelight, flatgrey, permissions, security, tomahawk
> Attachments: image-2020-05-13-18-32-30-065.png
>
>
> The headers of the back-end themes offers the user a link to view his/her profile in the Party application. However, not every user will have access to the party application. Therefore the link should not be present.
> Such users are (typically):
> * MyPortal users (external parties)
> * Project users (external parties)
> but this is also applicable to users of other components, who don't have privileges for functions in the Party application.
> See attached image
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
Locked
