Private Lock - Allow Unlock other users Private Records
Activity
Carlos Ruiz February 12, 2024 at 10:20 AM
added wiki documentation
Carlos Ruiz January 17, 2024 at 2:45 PM
@Norbert Bede - revisiting this, with the new Record ID editor that you did the Name/DocumentNo is shown, so it makes more sense now to add a window for this purpose.
This new window would just be visible for roles with “Personal Access” - and they would be able to delete records there.
Carlos Ruiz June 3, 2021 at 11:00 AM
Ah, I see your idea now.
Maybe you don’t need the Unlock Private lock by Supervisor flag, actually in Role you have the Personal Access flag which is intended for the Supervisor.
I did a test with this Personal Access flag and the user with this role can effectively see locked records, and clicking the Lock button it creates a second record in AD_Private_Access, there is no visual clue that the record has a lock by another user, your idea sounds good here: if in a locked record show a visual clue (locked button) and in the Popup Menu show the option you mention “Unlock record from other user”.
The AD_Private_Access table is also good as the Supervisor can navigate to the locked record using the zoom Record_ID button. Showing name/documentno in this window will probably require a pl/sql and pl/pgsql function as it would need dynamic SQL to be executed, I mean a pl function like getIdentifier(tableId, recordId).
Norbert Bede June 3, 2021 at 10:38 AM
yes. we have report now - but yes we can create window - the question is how we can identify human readable identifier eg. DocumentNo - maybe with new solution 🙂 https://idempiere.atlassian.net/browse/IDEMPIERE-4479
I mean key column must be displayed otherwise privileged user not able perform the change.
Carlos Ruiz June 3, 2021 at 10:34 AM
Hi @Norbert Bede - yes, there is a missing piece here.
I think a simpler solution would be just to create a window for the AD_Private_Access table, and you can manage via role permissions who has access to that window.
issue:
when user created privatelock (role has enabled private lock feature) of a record, only the same user able to unlock it. If user leave company or on holiday or in our case users makes lock in e-commerce portal - nobody able to unlock it.
suggested change
add a new field to role - Unlock Private lock by Supervisor - if this checkbox is selected, then role able to unlock not only own private locks but any private locks created by another users.
ux: no change required - simple show private locked icon to user has special role and allow unlock record. Optionally - we should display another message instead "private lock record" show eg. force "unlock record by supervisor"
This is really danger feature, however still there are some repeating scenario, means we are able unlock record by
update ad_private_access SET isActive='N' where record_id = 1615557 and ad_table_id=xyz