Openbravo Issue Tracking System - Openbravo ERP |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0010659 | Openbravo ERP | C. Security | public | 2009-09-10 14:46 | 2009-10-13 12:11 |
|
| Reporter | villind | |
| Assigned To | alostale | |
| Priority | urgent | Severity | major | Reproducibility | always |
| Status | closed | Resolution | fixed | |
| Platform | | OS | 5 | OS Version | |
| Product Version | 2.40MP8 | |
| Target Version | | Fixed in Version | 2.40MP10 | |
| Merge Request Status | |
| Review Assigned To | |
| OBNetwork customer | |
| Web browser | |
| Modules | Core |
| Support ticket | |
| Regression level | |
| Regression date | |
| Regression introduced in release | |
| Regression introduced by commit | |
| Triggers an Emergency Pack | No |
|
| Summary | 0010659: Adding a new organization adds org access to manual roles |
| Description | Adding a new organization adds org access to manual roles. This poses a security risk as the access control settings are modifid automatically where they should not be modified. |
| Steps To Reproduce | 1. Have an role with ismanula setting active.
2. Add a new organization
3. Relogin
4. See the "Org Access" tab of the manual role |
| Proposed Solution | See the attached patch. |
| Additional Information | |
| Tags | No tags attached. |
| Relationships | | blocks | defect | 0010548 | | closed | alostale | Adding a new organization adds org access to manual roles |
|
| Attached Files | |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2009-09-18 14:08 | rafaroda | Type | defect => backport |
| 2009-09-18 14:08 | rafaroda | fix_in_branch | => 2.40 |
| 2009-10-02 08:50 | hgbot | Checkin | |
| 2009-10-02 08:50 | hgbot | Note Added: 0020649 | |
| 2009-10-02 08:50 | hgbot | Status | scheduled => resolved |
| 2009-10-02 08:50 | hgbot | Resolution | open => fixed |
| 2009-10-02 08:50 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/stable/2.40/rev/f09cdd91178477ccedef0127213ea2146065b963 [^] |
| 2009-10-13 12:11 | sureshbabu | Status | resolved => closed |
| 2009-10-13 12:11 | sureshbabu | Note Added: 0020981 | |
| 2009-10-13 12:11 | sureshbabu | Fixed in Version | => 2.40MP10 |