0034931: Using both WS types return different information for the same user

Anonymous | Login

Project:

News | My View | View Issues | Roadmap | Summary

View Revisions: Issue #34931		[ Back to Issue ]
Summary	0034931: Using both WS types return different information for the same user

Revision	2017-01-12 17:25 by JONHM
Steps To Reproduce	1) Create Role "test" in [Role] window: name: test user level: Client+Organization - check "manual" checkbox on and also check on the "Is Web Service Enabled" checkbox -- Then Switch to "Org Access" tab and give access to '*' and finally switch to "Window Access" tab and give access to window "Warehouse and Storage Bins" 2) Create User "test" in [User] window: name: test username: test password: openbravo - Then switch to "User Roles" tab and add the previous created role "test". 3) Using some chrome tool, like 'Postman' to check web services, introduce the URL to check if our user have access to 'Orders' or 'Country' (notice that we tried the issue into Openbravo livebuilds, when trying on a localhost environment it should be replaced by http://localhost:8080/openbravo/ws/dal/... [^]): 3.1) First, let's try the JSon WS: https://livebuilds.openbravo.com/erp_pi_pgsql/org.openbravo.service.json.jsonrest/Order [^] --> Notice that several fields are displayed, like partnerAddress, userContact and more info. 3.2) Then, try it on DAL WS: https://livebuilds.openbravo.com/erp_pi_pgsql/ws/dal/Order [^] --> Notice that only three fields are displayed (documentNo, orderDate, grandTotalAmount)

Revision	2017-01-12 17:25 by JONHM
Description	When granting some window access to a role (which it suppose to only have permission to view the related tables of that window), it shows different data in both Web Services. It shows more properties to related Entities using JSon web service than using DAL Web Service. Notice that flows of both WS types (DAL and JSon) are different.

Revision	2017-01-12 17:07 by JONHM
Steps To Reproduce	1) Create Role "test" in [Role] window: name: test user level: Client+Organization - check "manual" checkbox on and also check on the "Is Web Service Enabled" checkbox -- Then Switch to "Org Access" tab and give access to '*' and finally switch to "Window Access" tab and give access to window "Warehouse and Storage Bins" 2) Create User "test" in [User] window: name: test username: test password: openbravo - Then switch to "User Roles" tab and add the previous created role "test". 3) Using some chrome tool, like 'Postman' to check web services, introduce the URL to check if our user have access to 'Orders' or 'Country' (notice that we tried the issue into Openbravo livebuilds, version PR16Q3.3, when trying on a localhost environment it should be replaced by http://localhost:8080/openbravo/ws/dal/... [^]): https://livebuilds.openbravo.com/erp_mp_3.0PR16Q3.3/org.openbravo.service.json.jsonrest/Order [^]

Revision	2017-01-12 17:07 by JONHM
Description	When granting some window access to a role (which it suppose to only have permission to view the related tables of that window), it gives more permissions to related Entities in JSon web service than expected. Notice that flows of both WS types (DAL and JSon) are different.