Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0011239Openbravo ERPC. Securitypublic2009-11-04 12:402010-04-14 16:28
Reporternetworkb 
Assigned Tomarvintm 
PriorityurgentSeveritymajorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Version2.50MP6 
Target Version2.50MP9Fixed in Version 
Merge Request Status
Review Assigned To
OBNetwork customerOBPS
Web browser
ModulesCore
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0011239: The images on a field filled by a user can not be seen by other user with other role with access to the window
DescriptionThe images on a field filled by a user can not be seen by other user with other role with access to the window
Steps To Reproduce-Create a new column in a table, with type character varying 32
-Create e new column in the application dictionary for the column created. Reference Image BLOB
-Create a new field for the column
-Compile the application
-Access to the window with user Openbravo and role Openbravo admin
-Fill the image
-Create a new role with access to the window where the new field was created
-Create a new user for this role
-Logout and login with the new user
-Go to the window and see that the image can not be seen with this user.
Proposed Solution
Additional Information
TagsNo tags attached.
Relationships
related to defect 00112412.50MP9 closed marvintm The image selector when filling and image field the first time is not the correct 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2009-11-04 12:40networkbNew Issue
2009-11-04 12:40networkbAssigned To => rafaroda
2009-11-04 12:40networkbOBNetwork customer => Yes
2009-11-05 08:15rafarodaRelationship addedrelated to 0011241
2009-11-05 08:20rafarodaNote Added: 0021579
2009-11-05 08:20rafarodaAssigned Torafaroda => alostale
2009-11-05 08:20rafarodaPriorityimmediate => urgent
2009-11-05 08:20rafarodaStatusnew => scheduled
2009-11-05 08:20rafarodaCategoryB. User interface => C. Security
2009-11-12 10:55alostaleAssigned Toalostale => marvintm
2009-11-18 10:02hgbotCheckin
2009-11-18 10:02hgbotNote Added: 0021951
2009-11-18 10:02hgbotStatusscheduled => resolved
2009-11-18 10:02hgbotResolutionopen => fixed
2009-11-18 10:02hgbotFixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/dcf41c4246535e1d7ee29e238a30d79501066811 [^]
2009-11-18 15:54alostaleStatusresolved => closed
2009-11-19 00:00anonymoussf_bug_id0 => 2900158
2010-04-14 16:28rafarodaNote Added: 0026193
2010-04-14 16:28rafarodaNote Edited: 0026193bug_revision_view_page.php?bugnote_id=0026193#r235
2010-04-14 16:30rafarodaNote Edited: 0026193bug_revision_view_page.php?bugnote_id=0026193#r236

Notes
(0021579)
rafaroda   
2009-11-05 08:20   
The issue does reproduce also with these steps:
1) Create an image field in the business partner window http://wiki.openbravo.com/wiki/Projects/Image_Reference_BLOB#Add_Image_Reference_BLOB_field_to_an_existing_window [^]
2) Log as Openbravo with role Openbravo Admin and add an image to the business partner window.
3) Create a new role which has access to business partner window (if you use an already existing role the issue does not reproduce) and give it an organization.
4) Create a new user and assign it this newly created role.
5) Log in with this new user and look for the previous business partner record.

You can not see the image. If the user created was given Openbravo Admin role he could see the image.
(0021951)
hgbot   
2009-11-18 10:02   
Repository: erp/devel/pi
Changeset: dcf41c4246535e1d7ee29e238a30d79501066811
Author: Antonio Moreno <antonio.moreno <at> openbravo.com>
Date: Wed Nov 18 10:01:49 2009 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/dcf41c4246535e1d7ee29e238a30d79501066811 [^]

Fixed issue 11239. Fixed issue 11241.

---
M src-wad/src/org/openbravo/wad/controls/WADImageBLOB.java
M src/org/openbravo/erpCommon/info/ImageInfoBLOB.html
M src/org/openbravo/erpCommon/info/ImageInfoBLOB.java
M src/org/openbravo/erpCommon/info/ImageInfoBLOB.xml
M src/org/openbravo/erpCommon/utility/ShowImage.java
---
(0026193)
rafaroda   
2010-04-14 16:28   
(edited on: 2010-04-14 16:30)
Issue was also reproducing with these steps: BLOB image field only works if you have access to the Application Image window.

1) Add a VARCHAR(32) column to C_BPARTNER table
http://wiki.openbravo.com/wiki/Projects/Image_Reference_BLOB#Add_Image_Reference_BLOB_field_to_an_existing_window [^]
2) Add the column to the table in the Application Dictionary and then add the field
to the Business Partner tab.
3) Compile the Business Partner window
4) Access the Business Partner window with a role which has NOT access to the
Application Image window.
5) Try to add an image.

Error message displays: Error
org.openbravo.base.exception.OBSecurityException: Entity ADImage is not directly
readable, only id and identifier properties are readable, property
ADImage.bindaryData is neither of these.

6) Give this role access to the Application Image window.
7) Go back to Business Partner window and add an image: OK
8) Remove again for this role the access to Application Image window.
9) Go back to the Business Partner window and select the former record: you are not
able to see the image you just added.