ID: 0006199
Type: defect
Category: [Openbravo ERP] C. Security
Severity: major
Reproducibility: always
Date Submitted: 2008-11-26 02:16
Last Update: 2009-04-21 12:39
Reporter: eintelau
View Status: public
Assigned To: alostale
Priority: urgent
Resolution: fixed
Fixed in Version: pi
Status: closed
Fix in branch: pi
Fixed in SCM revision: 12666
Projection: none
ETA: none
Target Version:
OS: Any
Database: PostgreSQL
Java version: 1.5
OS Version:
Database version: 8.3
Ant version: 1.7
Product Version: 2.40
SCM revision: 10587
Review Assigned To:
Web browser:
Modules: Core
Regression level:
Regression date:
Regression introduced in release:
Regression introduced by commit:
Triggers an Emergency Pack: No
Summary

0006199: Role with Organisation access can't fill out many required combos

Description

A Role that just has Organisation access (no Client, no *) is not able to use many forms/reports because the data for required combos is restricted to Organisation=* access (i.e. the required combos have an empty list of options).

This is due to the security review which removed the * org from the #User_Org list. The WAD generated code has been updated to use #AccessibleOrgTree but none of the forms, reports, etc have been updated.

I believe this is a significant issue and should be fixed in a 2.40 release as well as trunk.
Steps To Reproduce

Behaviour can be seen in many places.

1) Log on to Openbravo with a Role that just has Org access (e.g. Openbravo User).
2) Go to Financial Management | Accounting | Analysis Tools | General Ledger Report
3) Try to select the Accounting Schema. Dropdown is empty.
4) Cannot submit report.

or

1) Log on to Openbravo with a Role that just has Org access (e.g. Openbravo User).
2) Go to Business Partner | Location tab
3) Create a new Location
4) Edit the address
5) Cannot select required fields region/country from dropdown
6) Cannot save new address


Proposed Solution

Update all forms/reports/etc to use #AccessibleOrgTree instead of #User_Org in the appropriate places. In particular this means any use of ComboTableData.

The attached file contains a patch with modifications for the Openbravo 2.40 and trunk. Given the size of the change I believe it needs review rather than me committing it directly.
Tags: platform1_sprint1
Attached Files: AccessibleOrgTree-patch.zip (72,630 bytes) 2008-11-26 02:16

Relationships
depends on: backport 0006813 (closed, alostale) Role with Organisation access can't fill out many required combos
related to: defect 0009183 (closed, iperdomo) Organization combobox of the Account Selector doesn't display summary level orgs
causes: defect 0027953 (closed, jorge-garcia) AccessibleOrgTree wrongly used in some reports may create security issues
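
A simplified model of the behaviour the report describes, added here as an illustration (it is not Openbravo code and not part of the attached patch): reference rows owned by the * organisation vanish from a combo filtered by the narrower org list and reappear with the wider one. The org tree, the rows and the assumed contents of #AccessibleOrgTree (granted orgs plus their ancestors) are constructed; the last entry shows why the wider list needs checking before it is applied to transactional queries, the concern named in the title of related issue 0027953.

```python
# Added example: a simplified model, not Openbravo code. Names and ids are constructed.
STAR = "*"                                                   # the '*' organisation
PARENT = {"Main": STAR, "Sales": "Main", "Support": "Main"}  # child -> parent

# Constructed rows: (label, owning organisation)
COUNTRIES = [("Spain", STAR), ("Australia", STAR)]           # reference data for a required combo
INVOICES = [("INV-1", "Sales"), ("INV-2", "Main"), ("INV-3", "Support")]  # transactional data


def user_org(granted):
    """Model of #User_Org after the security review: only the granted orgs, no '*'."""
    return set(granted)


def accessible_org_tree(granted):
    """Model of #AccessibleOrgTree (assumed): granted orgs plus all ancestors up to '*'."""
    tree = set()
    for org in granted:
        while org is not None and org not in tree:
            tree.add(org)
            org = PARENT.get(org)
    return tree


def visible(rows, org_list):
    """Equivalent of an 'owning organisation IN (org_list)' filter."""
    return [label for label, owner in rows if owner in org_list]


def review(granted):
    """Compare both org lists for a combo lookup and for a report query."""
    narrow, wide = user_org(granted), accessible_org_tree(granted)
    report_narrow = visible(INVOICES, narrow)
    report_wide = visible(INVOICES, wide)
    return {
        "combo_with_user_org": visible(COUNTRIES, narrow),
        "combo_with_tree": visible(COUNTRIES, wide),
        "report_with_user_org": report_narrow,
        "report_with_tree": report_wide,
        # rows that appear only because the wider list was used on transactional data
        "extra_report_rows": sorted(set(report_wide) - set(report_narrow)),
    }


if __name__ == "__main__":
    for key, value in review(["Sales"]).items():
        print(f"{key}: {value}")
```
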

Notes
(0011463)
rafaroda (developer)
2008-12-17 09:26

Asier, could you please review if this is really a bug and take a look at the patch? Thank you.
(0012936)
svnbot (reporter)
2009-01-30 17:40

Repository: openbravo
Revision: 12571
Author: alostale
Date: 2009-01-30 17:40:33 +0100 (Fri, 30 Jan 2009)

related to issue 0006199: Fixed org in selectors

---
U trunk/src/org/openbravo/erpCommon/info/Account.java
U trunk/src/org/openbravo/erpCommon/info/BusinessPartnerMultiple.java
U trunk/src/org/openbravo/erpCommon/info/DebtPayment.java
U trunk/src/org/openbravo/erpCommon/info/ImageInfo.java
U trunk/src/org/openbravo/erpCommon/info/InvoiceLine.java
U trunk/src/org/openbravo/erpCommon/info/Location.java
U trunk/src/org/openbravo/erpCommon/info/Locator.java
U trunk/src/org/openbravo/erpCommon/info/Product.java
U trunk/src/org/openbravo/erpCommon/info/ProductComplete.java
U trunk/src/org/openbravo/erpCommon/info/ProductMultiple.java
U trunk/src/org/openbravo/erpCommon/info/Project.java
U trunk/src/org/openbravo/erpCommon/info/SalesOrder.java
U trunk/src/org/openbravo/erpCommon/info/SalesOrderLine.java
U trunk/src/org/openbravo/erpCommon/info/ShipmentReceipt.java
U trunk/src/org/openbravo/erpCommon/info/ShipmentReceiptLine.java
---

https://dev.openbravo.com/websvn/openbravo/?rev=12571&sc=1
(0012983)
svnbot (reporter)
2009-02-02 10:13

Repository: openbravo
Revision: 12632
Author: alostale
Date: 2009-02-02 10:13:13 +0100 (Mon, 02 Feb 2009)

related to issue 0006199:

Fixed org in ad_reports

---
U trunk/src/org/openbravo/erpCommon/ad_reports/GeneralAccountingReports.java
U trunk/src/org/openbravo/erpCommon/ad_reports/MInOutTraceReports.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportAccountingCountDimensionalAnalyses.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportAgingBalance.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportAnnualCertification.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportBank.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportBankJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportBudgetGenerateExcel.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportCash.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportCashFlow.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportCashJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportCashflowForecast.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportDebtPayment.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportDebtPaymentTrack.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportExpense.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportGeneralLedger.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportGeneralLedgerJournal.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportGuaranteeDateJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportInventory.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceCustomerDimensionalAnalyses.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceCustomerDimensionalAnalysesJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceCustomerEdition.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceCustomerJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceDiscount.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceDiscountJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceVendorDimensionalAnalysesJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceVendorJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportInvoices.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportInvoicesJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportMaterialDimensionalAnalysesJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportMaterialTransactionEdition.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportMaterialTransactionEditionJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportOffer.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportOrderNotInvoiceJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportParetoProduct.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportPendingProductionJr.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportPricelist.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportProductMovement.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportProduction.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportProductionCost.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportProductionJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportProductionRunJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportProjectBuildingSite.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportProjectBuildingSiteJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportProjectProfitabilityJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportProjectProgress.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportPurchaseDimensionalAnalysesJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportRefundInvoiceCustomerDimensionalAnalyses.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportRefundSalesDimensionalAnalyses.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportSalesDimensionalAnalyzeJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportSalesOrderInvoicedJasper.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportSalesOrderJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportSalesOrderOpenItem.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportSalesOrderOpenItemJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportSalesOrderProvidedJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportShipmentDimensionalAnalyzeJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportShipmentEditionJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportShipper.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportStandardCostJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportToInvoiceConsignment.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportToInvoiceConsignmentJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportTotalProductTemplate.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportTrialBalance.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportTrialBalanceDetail.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportValuationStock.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportWarehouseControl.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportWarehouseDetailInventoryJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportWarehousePartnerJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportWorkRequirementDaily.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportWorkRequirementDailyEnv.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportWorkRequirementJR.java
---

https://dev.openbravo.com/websvn/openbravo/?rev=12632&sc=1
(0012984)
svnbot (reporter)
2009-02-02 10:14

Repository: openbravo
Revision: 12633
Author: alostale
Date: 2009-02-02 10:14:32 +0100 (Mon, 02 Feb 2009)

related to issue 0006199:
fixed or in erpReports

---
U trunk/src/org/openbravo/erpReports/RptC_Proposal.java
U trunk/src/org/openbravo/erpReports/RptC_ProposalJr.java
U trunk/src/org/openbravo/erpReports/RptC_Remittance.java
U trunk/src/org/openbravo/erpReports/RptC_RemittanceJR.java
U trunk/src/org/openbravo/erpReports/RptC_Settlement.java
U trunk/src/org/openbravo/erpReports/RptPromissoryNote.java
---

https://dev.openbravo.com/websvn/openbravo/?rev=12633&sc=1
(0012994)
svnbot (reporter)
2009-02-02 10:51

Repository: openbravo
Revision: 12638
Author: alostale
Date: 2009-02-02 10:51:14 +0100 (Mon, 02 Feb 2009)

related to issue 0006199: fixed org in callouts

---
U trunk/src/org/openbravo/erpCommon/ad_callouts/SE_Invoice_BPartner.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SE_Order_BPartner.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SE_Project_BPartner.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SE_Proposal_BPartner.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SE_Wh_SchedulePeriod.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_CreateFromMultiple_Product.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_GlobalUse_Product.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_InOutLine_Product.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_InOut_BPartner.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_Internal_Consumption_Product.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_Inventory_Product.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_Invoice_Product.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_Movement_Product.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_Order_DocType.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_Order_Product.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_Payment_Amounts.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_Production_Product.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_RequisitionLine_Product.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_SequenceProduct_Product.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_WRPhaseProduct_Product.java
---

https://dev.openbravo.com/websvn/openbravo/?rev=12638&sc=1
(0013012)
svnbot (reporter)
2009-02-02 13:45

Repository: openbravo
Revision: 12655
Author: alostale
Date: 2009-02-02 13:45:50 +0100 (Mon, 02 Feb 2009)

related to issue 0006199: fixed org in action buttons

---
U trunk/src/org/openbravo/erpCommon/ad_actionButton/ActionButtonUtility.java
U trunk/src/org/openbravo/erpCommon/ad_actionButton/CreateFile.java
U trunk/src/org/openbravo/erpCommon/ad_actionButton/CreateFrom.java
U trunk/src/org/openbravo/erpCommon/ad_actionButton/CreateFromMultiple.java
U trunk/src/org/openbravo/erpCommon/ad_actionButton/ProjectSetType.java
U trunk/src/org/openbravo/erpCommon/ad_actionButton/UpdateMaintenanceScheduled.java
---

https://dev.openbravo.com/websvn/openbravo/?rev=12655&sc=1
(0013015)
svnbot (reporter)
2009-02-02 13:58

Repository: openbravo
Revision: 12660
Author: alostale
Date: 2009-02-02 13:57:58 +0100 (Mon, 02 Feb 2009)

related to issue 0006199: fixed org in ad process

---
U trunk/src/org/openbravo/erpCommon/ad_process/CashBankOperations.java
U trunk/src/org/openbravo/erpCommon/ad_process/ChangeOrderOrg.java
U trunk/src/org/openbravo/erpCommon/ad_process/CreateTaxReport.java
U trunk/src/org/openbravo/erpCommon/ad_process/ExpenseAPInvoice.java
U trunk/src/org/openbravo/erpCommon/ad_process/GenerateHelp.java
U trunk/src/org/openbravo/erpCommon/ad_process/ImportAccountServlet.java
U trunk/src/org/openbravo/erpCommon/ad_process/ImportBudgetServlet.java
U trunk/src/org/openbravo/erpCommon/ad_process/PriceListCreateAll.java
U trunk/src/org/openbravo/erpCommon/ad_process/SendMailText.java
---

https://dev.openbravo.com/websvn/openbravo/?rev=12660&sc=1
(0013018)
svnbot (reporter)
2009-02-02 15:05

Repository: openbravo
Revision: 12663
Author: alostale
Date: 2009-02-02 15:05:03 +0100 (Mon, 02 Feb 2009)

related to issue 0006199: fixed org in forms

---
U trunk/src/org/openbravo/erpCommon/ad_forms/AlertManagement.java
U trunk/src/org/openbravo/erpCommon/ad_forms/FileImport.java
U trunk/src/org/openbravo/erpCommon/ad_forms/InitialClientSetup.java
U trunk/src/org/openbravo/erpCommon/ad_forms/InitialOrgSetup.java
U trunk/src/org/openbravo/erpCommon/ad_forms/InvoiceVendorMultiline.java
U trunk/src/org/openbravo/erpCommon/ad_forms/InvoiceVendorMultiline_Lines.java
U trunk/src/org/openbravo/erpCommon/ad_forms/ModuleManagement.java
U trunk/src/org/openbravo/erpCommon/ad_forms/RequisitionToOrder.java
U trunk/src/org/openbravo/erpCommon/ad_forms/ShowSessionPreferences.java
U trunk/src/org/openbravo/erpCommon/ad_process/CreateAccountingReport.java
---

https://dev.openbravo.com/websvn/openbravo/?rev=12663&sc=1
(0013022)
svnbot (reporter)
2009-02-02 15:21

Repository: openbravo
Revision: 12666
Author: alostale
Date: 2009-02-02 15:21:15 +0100 (Mon, 02 Feb 2009)

related to issue 0006199: fixed org in others

---
U trunk/src/org/openbravo/erpCommon/ad_workflow/WorkflowControl.java
U trunk/src/org/openbravo/erpCommon/businessUtility/Buscador.java
U trunk/src/org/openbravo/erpCommon/businessUtility/TabAttachments.java
U trunk/src/org/openbravo/erpCommon/utility/Utility.java
U trunk/src/org/openbravo/erpCommon/utility/VerticalMenu.java
---

https://dev.openbravo.com/websvn/openbravo/?rev=12666&sc=1

Issue History
Date Modified Username Field Change
2008-11-26 02:16 eintelau New Issue
2008-11-26 02:16 eintelau Assigned To => rafaroda
2008-11-26 02:16 eintelau sf_bug_id 0 => 2347559
2008-11-26 02:16 eintelau File Added: AccessibleOrgTree-patch.zip
2008-12-02 23:40 eintelau Issue Monitored: eintelau
2008-12-03 19:03 pjuvara Priority normal => high
2008-12-09 13:41 pheenan Assigned To rafaroda => pheenan
2008-12-17 09:26 rafaroda Note Added: 0011463
2008-12-17 09:26 rafaroda Assigned To pheenan => alostale
2008-12-17 09:26 rafaroda Status new => acknowledged
2008-12-17 11:02 alostale Tag Attached: platform1_sprint1
2009-01-09 11:32 psarobe Priority high => urgent
2009-01-09 11:32 psarobe Status acknowledged => scheduled
2009-01-09 11:32 psarobe fix_in_branch => trunk
2009-01-30 17:40 svnbot Checkin
2009-01-30 17:40 svnbot Note Added: 0012936
2009-01-30 17:40 svnbot svn_revision => 12571
2009-02-02 10:13 svnbot Checkin
2009-02-02 10:13 svnbot Note Added: 0012983
2009-02-02 10:13 svnbot svn_revision 12571 => 12632
2009-02-02 10:14 svnbot Checkin
2009-02-02 10:14 svnbot Note Added: 0012984
2009-02-02 10:14 svnbot svn_revision 12632 => 12633
2009-02-02 10:51 svnbot Checkin
2009-02-02 10:51 svnbot Note Added: 0012994
2009-02-02 10:51 svnbot svn_revision 12633 => 12638
2009-02-02 13:45 svnbot Checkin
2009-02-02 13:45 svnbot Note Added: 0013012
2009-02-02 13:45 svnbot svn_revision 12638 => 12655
2009-02-02 13:58 svnbot Checkin
2009-02-02 13:58 svnbot Note Added: 0013015
2009-02-02 13:58 svnbot svn_revision 12655 => 12660
2009-02-02 15:05 svnbot Checkin
2009-02-02 15:05 svnbot Note Added: 0013018
2009-02-02 15:05 svnbot svn_revision 12660 => 12663
2009-02-02 15:21 svnbot Checkin
2009-02-02 15:21 svnbot Note Added: 0013022
2009-02-02 15:21 svnbot svn_revision 12663 => 12666
2009-02-02 17:05 alostale Status scheduled => resolved
2009-02-02 17:05 alostale Fixed in Version => trunk
2009-02-02 17:05 alostale Resolution open => fixed
2009-04-21 02:53 eintelau Issue End Monitor: eintelau
2009-04-21 12:39 psarobe Status resolved => closed
2009-05-26 14:08 vmromanos Relationship added related to 0009183
2014-10-22 18:52 vmromanos Relationship added causes 0027953

