As an update to this topic: We got it working, doing the following:
Each Invoice has an association using entity InvoiceRole with a Sales Rep. At our company, were each sales rep gets a commision for every Inovice he generates, when migrating invoices from our existing system to Ofbiz, we generate these InvoiceRoles. Invoice: Our Company -> Sales Rep = BILL_FROM_VENDOR Invoice: Sales Rep -> Our Company = SALES_REP Then, we are modifying the Accounting component to use groovy at all places to process the find requests. This way, in groovy we can filter by this association. We use a mix of InvoiceRole with SecurityPermission of the logged user to generate a hierarchy: if the logged user has the right permissions, no filter is applied (an adminitrator, for example). If the logged user has permission as a Sales Rep only, we must filter all invoices that do not "belong" to him. Another thing we are implementing is that Sales Reps have supervisors, or bosses, that can access not all invoices but all the ones of the people they supervise. It is not that easy at first, but thanks to the patterns Ofbiz follows it is not difficult either. Thanks again. -- View this message in context: http://ofbiz.135035.n4.nabble.com/limit-Invoice-access-by-logged-user-or-the-Invoice-Sales-Rep-tp4671577p4672565.html Sent from the OFBiz - User mailing list archive at Nabble.com.
