Openbravo Issue Tracking System - Openbravo ERP |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0010548 | Openbravo ERP | C. Security | public | 2009-09-10 14:46 | 2009-10-08 00:00 |
|
| Reporter | villind | |
| Assigned To | alostale | |
| Priority | urgent | Severity | major | Reproducibility | always |
| Status | closed | Resolution | fixed | |
| Platform | | OS | 5 | OS Version | |
| Product Version | 2.40MP8 | |
| Target Version | | Fixed in Version | 2.50MP7 | |
| Merge Request Status | |
| Review Assigned To | |
| OBNetwork customer | No |
| Web browser | |
| Modules | Core |
| Support ticket | |
| Regression level | |
| Regression date | |
| Regression introduced in release | |
| Regression introduced by commit | |
| Triggers an Emergency Pack | No |
|
| Summary | 0010548: Adding a new organization adds org access to manual roles |
| Description | Adding a new organization adds org access to manual roles. This poses a security risk as the access control settings are modifid automatically where they should not be modified. |
| Steps To Reproduce | 1. Have an role with ismanula setting active.
2. Add a new organization
3. Relogin
4. See the "Org Access" tab of the manual role |
| Proposed Solution | See the attached patch. |
| Additional Information | |
| Tags | No tags attached. |
| Relationships | | depends on | backport | 0010659 | | closed | alostale | Adding a new organization adds org access to manual roles | | related to | defect | 0030057 | | closed | aferraz | Org Access added automatically to all roles | | causes | design defect | 0030253 | | new | Triage Platform Base | Automatic roles and initial organization setup inconsistency |
|
| Attached Files |  no-org-for-manual-role.diff (551) 2009-09-10 14:46
https://issues.openbravo.com/file_download.php?file_id=1733&type=bug |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2009-09-10 14:46 | villind | New Issue | |
| 2009-09-10 14:46 | villind | Assigned To | => rafaroda |
| 2009-09-10 14:46 | villind | File Added: no-org-for-manual-role.diff | |
| 2009-09-10 14:46 | villind | OBNetwork customer | => No |
| 2009-09-18 14:08 | rafaroda | Note Added: 0020208 | |
| 2009-09-18 14:08 | rafaroda | Assigned To | rafaroda => alostale |
| 2009-09-18 14:08 | rafaroda | Priority | normal => urgent |
| 2009-09-18 14:08 | rafaroda | Status | new => scheduled |
| 2009-09-18 14:08 | rafaroda | fix_in_branch | => pi |
| 2009-10-02 08:48 | hgbot | Checkin | |
| 2009-10-02 08:48 | hgbot | Note Added: 0020648 | |
| 2009-10-02 08:48 | hgbot | Status | scheduled => resolved |
| 2009-10-02 08:48 | hgbot | Resolution | open => fixed |
| 2009-10-02 08:48 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/ed4e3d66e2f427041aa4cfe4501386475d50f8d4 [^] |
| 2009-10-07 12:48 | sureshbabu | Status | resolved => closed |
| 2009-10-07 12:48 | sureshbabu | Note Added: 0020834 | |
| 2009-10-07 12:48 | sureshbabu | Fixed in Version | => 2.50MP7 |
| 2009-10-08 00:00 | anonymous | sf_bug_id | 0 => 2874364 |
| 2015-06-03 19:06 | aferraz | Relationship added | related to 0030057 |
| 2015-06-26 09:17 | vmromanos | Relationship added | causes 0030253 |