Regular User Cannot View Admin-Forced Order

TroopTrack Bugs
1

If I use the Charge Fee button to charge a money account, the (unprivileged) owner of the money account cannot view the Order.

image

The Set-Up:

An event has “Payment required to rsvp” enabled.
Member adds a ticket to the event to their shopping cart, but fails to successfully check out.
They are recorded as RSVP:Yes and now appear on the Attendance:View All Payments screen as “RSVP’d without purchasing.” (I think this is a bug too, but it’s a known issue.)
I try to clean things up by clicking “Charge Fee” and use the member’s money account as payment.
TroopTrack creates an Order, and the payment is processed rather normally.

The Bug:

When the member views their own money account, they can see the withdraw, but if they click the Order, they appear to have insufficient privileges to view its contents.

The Problem:

Because I, as a privileged user, applied the payment, the member cannot see what the money was used for. This causes unnecessary emails from members asking why $XXX was removed from their account.

The Solution:

The privilege check for viewing an Order should allow not only the Order’s creator, but also the owner of the affected account to view the Order.

2

Perhaps something changed recently that is causing this, it was working normally previously as you would expect. I will get this over to the TT Admins.

3

And maybe I should change something about my suggested solution.

Anyone with Household privileges over the affected account should be able to view the Order. I am not certain I have tested whether the account’s actual owner can see it, but we have it set up so Scouts own their accounts, and it is usually parents looking at money.

4

I just did some testing and I see the same behavior, honestly this may have always been the behavior and we just haven’t had anyone report it. Even if it is not possible for them to see the Order perhaps if the Description could be set correctly that would at least let the end user know what the transaction was for. This also goes to the RSVP status without checking out which I am asking the Admins about.