Bug in edit product?

I think I found a bug in the user rights.
A manager can’t add a product but he can edit a product. I don’t think this is the correct way? I don’t want manager to edit product details only to manage stock.

This is probably up for debate as to whether it’s a bug. We chose to prevent managers from creating products because we thought that should be a feature with more centralized control. However, during daily operations there are times where allowing a manager to edit a product is necessary.

What’s not up for debate is that the roles / permissions should be configurable.

We have had plans to address this issue for a long time but we don’t have any time or money to work on it at the moment.

We are hoping that we can solve this with minimal effort in the near-term by exposing our ACL as a configuration property in openboxes-config.groovy. This would allow a system administrator to control permissions. However, “near-term” is currently going on a few years so it might be awhile still.

Once we migrate to Grails 3 (or Grails 5) we are hoping to do this properly using Spring Security + a nice UI to allow a superuser to define customizable roles.

I understand that in some situations you want a Manager to edit products. However to ensure quality control for product registration (description, attributes, price, etc) I want only this option reserved for 1 a 2 persons to ensure that the products are added and edited in the correct way.