If I use the Charge Fee button to charge a money account, the (unprivileged) owner of the money account cannot view the Order.
The Set-Up:
An event has “Payment required to rsvp” enabled.
Member adds a ticket to the event to their shopping cart, but fails to successfully check out.
They are recorded as RSVP:Yes and now appear on the Attendance:View All Payments screen as “RSVP’d without purchasing.” (I think this is a bug too, but it’s a known issue.)
I try to clean things up by clicking “Charge Fee” and use the member’s money account as payment.
TroopTrack creates an Order, and the payment is processed rather normally.
The Bug:
When the member views their own money account, they can see the withdraw, but if they click the Order, they appear to have insufficient privileges to view its contents.
The Problem:
Because I, as a privileged user, applied the payment, the member cannot see what the money was used for. This causes unnecessary emails from members asking why $XXX was removed from their account.
The Solution:
The privilege check for viewing an Order should allow not only the Order’s creator, but also the owner of the affected account to view the Order.