Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
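ID: 0011239
Project: Openbravo ERP
Category: C. Security
View Status: public
Date Submitted: 2009-11-04 12:40
Last Update: 2010-04-14 16:28
Reporter: networkb
Assigned To: marvintm
Priority: urgent
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed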
5
2.50MP6 
2.50MP9 
Core
No
0011239: The images on a field filled by a user cannot be seen by another user with another role with access to the window
- Create a new column in a table, with type character varying 32
- Create a new column in the application dictionary for the column created. Reference Image BLOB
- Create a new field for the column
- Compile the application
- Access the window with user Openbravo and role Openbravo admin
- Fill the image
- Create a new role with access to the window where the new field was created
- Create a new user for this role
- Log out and log in with the new user
- Go to the window and see that the image cannot be seen with this user.
No tags attached.
Related to: defect 0011241 | 2.50MP9 | closed | marvintm | The image selector when filling an image field the first time is not the correct
Issue History
Date Modified | Username | Field | Change
2009-11-04 12:40 | networkb | New Issue |
2009-11-04 12:40 | networkb | Assigned To | => rafaroda
2009-11-05 08:15 | rafaroda | Relationship added | related to 0011241
2009-11-05 08:20 | rafaroda | Note Added: 0021579 |
2009-11-05 08:20 | rafaroda | Assigned To | rafaroda => alostale
2009-11-05 08:20 | rafaroda | Priority | immediate => urgent
2009-11-05 08:20 | rafaroda | Status | new => scheduled
2009-11-05 08:20 | rafaroda | Category | B. User interface => C. Security
2009-11-12 10:55 | alostale | Assigned To | alostale => marvintm
2009-11-18 10:02 | hgbot | Checkin |
2009-11-18 10:02 | hgbot | Note Added: 0021951 |
2009-11-18 10:02 | hgbot | Status | scheduled => resolved
2009-11-18 10:02 | hgbot | Resolution | open => fixed
2009-11-18 10:02 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/dcf41c4246535e1d7ee29e238a30d79501066811
2009-11-18 15:54 | alostale | Status | resolved => closed
2009-11-19 00:00 | anonymous | sf_bug_id | 0 => 2900158
2010-04-14 16:28 | rafaroda | Note Added: 0026193 |
2010-04-14 16:28 | rafaroda | Note Edited: 0026193 | bug_revision_view_page.php?bugnote_id=0026193#r235
2010-04-14 16:30 | rafaroda | Note Edited: 0026193 | bug_revision_view_page.php?bugnote_id=0026193#r236

Notes
(0021579)
rafaroda   
2009-11-05 08:20   
The issue does reproduce also with these steps:
1) Create an image field in the business partner window http://wiki.openbravo.com/wiki/Projects/Image_Reference_BLOB#Add_Image_Reference_BLOB_field_to_an_existing_window
2) Log in as Openbravo with role Openbravo Admin and add an image to the business partner window.
3) Create a new role which has access to business partner window (if you use an already existing role the issue does not reproduce) and give it an organization.
4) Create a new user and assign it this newly created role.
5) Log in with this new user and look for the previous business partner record.

You cannot see the image. If the user created was given Openbravo Admin role he could see the image.
(0021951)
hgbot   
2009-11-18 10:02   
Repository: erp/devel/pi
Changeset: dcf41c4246535e1d7ee29e238a30d79501066811
Author: Antonio Moreno <antonio.moreno <at> openbravo.com>
Date: Wed Nov 18 10:01:49 2009 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/dcf41c4246535e1d7ee29e238a30d79501066811

Fixed issue 11239. Fixed issue 11241.

---
M src-wad/src/org/openbravo/wad/controls/WADImageBLOB.java
M src/org/openbravo/erpCommon/info/ImageInfoBLOB.html
M src/org/openbravo/erpCommon/info/ImageInfoBLOB.java
M src/org/openbravo/erpCommon/info/ImageInfoBLOB.xml
M src/org/openbravo/erpCommon/utility/ShowImage.java
---
(0026193)
rafaroda   
2010-04-14 16:28   
(edited on: 2010-04-14 16:30)
Issue was also reproducing with these steps: BLOB image field only works if you have access to the Application Image window.

1) Add a VARCHAR(32) column to C_BPARTNER table
http://wiki.openbravo.com/wiki/Projects/Image_Reference_BLOB#Add_Image_Reference_BLOB_field_to_an_existing_window
2) Add the column to the table in the Application Dictionary and then add the field
to the Business Partner tab.
3) Compile the Business Partner window
4) Access the Business Partner window with a role which does NOT have access to the
Application Image window.
5) Try to add an image.

Error message displays: Error
org.openbravo.base.exception.OBSecurityException: Entity ADImage is not directly
readable, only id and identifier properties are readable, property
ADImage.bindaryData is neither of these.

6) Give this role access to the Application Image window.
7) Go back to Business Partner window and add an image: OK
8) Remove again for this role the access to Application Image window.
9) Go back to the Business Partner window and select the former record: you are not
able to see the image you just added.