Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
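ID: 0011387 | Project: Openbravo ERP | Category: 00. Application dictionary | View Status: public | Date Submitted: 2009-11-17 12:49 | Last Update: 2009-11-20 00:00
Reporter: mtaal
Assigned To: mtaal
Priority: normal | Severity: minor | Reproducibility: have not tried
Status: closed | Resolution: fixed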
5
pi 
2.50MP9 
Core
No
0011387: Enable isInAdministratorMode() also in case of user "0" independent of its role
Currently the OBContext.isInAdministratorMode() returns true if the role is the "0" role or if admin mode is set explicitly.
It should also return true if the current user id == "0"
No tags attached.
Issue History
2009-11-17 12:49 | mtaal | New Issue
2009-11-17 12:49 | mtaal | Assigned To | => mtaal
2009-11-18 14:17 | hgbot | Checkin
2009-11-18 14:17 | hgbot | Note Added: 0021968
2009-11-18 14:17 | hgbot | Status | new => resolved
2009-11-18 14:17 | hgbot | Resolution | open => fixed
2009-11-18 14:17 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/d6e8a0f9dc7fe347ecc8012e95714d8987a4b1d0
2009-11-18 14:22 | mtaal | Note Added: 0021969
2009-11-19 17:07 | shuehner | Note Added: 0022032
2009-11-19 17:07 | shuehner | Status | resolved => closed
2009-11-20 00:00 | anonymous | sf_bug_id | 0 => 2900821

Notes
(0021968)
hgbot   
2009-11-18 14:17   
Repository: erp/devel/pi
Changeset: d6e8a0f9dc7fe347ecc8012e95714d8987a4b1d0
Author: Martin Taal <martin.taal <at> openbravo.com>
Date: Wed Nov 18 14:17:21 2009 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/d6e8a0f9dc7fe347ecc8012e95714d8987a4b1d0

fixes issue 11387: Enable isInAdministratorMode() also in case of user "0" independent of its role

---
M build.xml
M src-db/database/build.xml
M src/build.xml
M src/org/openbravo/dal/core/DalInitializingTask.java
M src/org/openbravo/dal/core/OBContext.java
---
(0021969)
mtaal   
2009-11-18 14:22   
Added these comments from an email conversation, the solution has been done as discussed here:

Hi Ismael,
Hmm, currently admin mode is just setting a flag which disables security
checks. It keeps the current user context as it can make sense to still
know who made the changes also for other things it can make sense to
keep the context as it is (and just disable security) like the client
and organization.
Let me know if that's fine to (or not of course :-) .

I agree that instead of using user="0" the ant tasks should set
admincontext, so that part is clear. And it should solve the issue also
(so then there is no need to change the admin mode behavior).

gr. Martin

Ismael Ciordia, Openbravo wrote:
> > Martin,
> >
> > imo setAdminMode should set user=0, role=0 in the context and ignore if user
> > 0 is granted to use role 0. Then ant tasks and other "admin" actions should
> > use setAdminMode.
> >
> > I think that privileges should only depend on the role in the context, and
> > adminMode should not be an exception.
> >
> > Ismael
> >
> > -----Original Message-----
> > From: team.platform-bounces@openbravo.com
> > [mailto:team.platform-bounces@openbravo.com] On behalf of Martin Taal
> > Sent: Tuesday, 17 November 2009 13:04
> > To: team.platform@openbravo.com
> > Subject: [team.platform] User "0" as admin user (in addition to role "0")
> >
> >
> > Hi,
> > The DAL assumes that the role with id "0" is the admin role and will not
> > perform security checks if the user has this role. However, there are
> > some cases in the system where the "0" user is used directly. For
> > example certain ant tasks. This is done with the assumption that the
> > user "0" will have the "0" role as the default role.
> >
> > There are however sometimes customers who (accidentally) change the
> > default role of the "0" user. This results in failing ant tasks as the
> > "0" user then does not have enough authorizations.
> >
> > So the proposal is to extend the admin mode meaning to:
> > user == "0" || role == "0" --> adminMode
> >
> > Let me know if you have any comments/remarks about this.
> >
> > If I hear no comments then I will do this (small) change late wednesday
> > or thursday.
(0022032)
shuehner   
2009-11-19 17:07   
Tested working fine.
Test case: changing default_role_id for aD_user_id=0 to a non system administrator role. Without the fix from this issue applied, export.database then fails with 'Entity Dataset is not readable by the user 0'. With the change applied, the export.database completes without the error.
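
A simplified model of the check this issue changes, added here as an illustration and not taken from Openbravo's OBContext source. The class and method names, the role id "1000" and the user id "100" are hypothetical; the run reproduces the test case from the last note before and after the change, and shows that an ordinary user with the same role stays restricted.

```java
import java.util.Set;

// Simplified model of the check discussed in this issue; hypothetical names,
// not Openbravo's OBContext source.
public class AdminModeSketch {
    static final String SYSTEM_ID = "0";

    static final class Context {
        final String userId;
        final String roleId;
        final Set<String> readableEntities; // entities the current role may read
        boolean adminFlag;                  // admin mode set explicitly

        Context(String userId, String roleId, Set<String> readableEntities) {
            this.userId = userId;
            this.roleId = roleId;
            this.readableEntities = readableEntities;
        }

        // Behaviour described in the report: role "0" or the explicit flag.
        boolean adminModeBefore() {
            return adminFlag || SYSTEM_ID.equals(roleId);
        }

        // Behaviour requested: user "0" also counts, whatever its role.
        boolean adminModeAfter() {
            return adminModeBefore() || SYSTEM_ID.equals(userId);
        }
    }

    // Returns null when the read is allowed, otherwise the denial message.
    static String checkReadable(Context ctx, String entity, boolean patched) {
        boolean admin = patched ? ctx.adminModeAfter() : ctx.adminModeBefore();
        if (admin || ctx.readableEntities.contains(entity)) {
            return null;
        }
        return "Entity " + entity + " is not readable by the user " + ctx.userId;
    }

    public static void main(String[] args) {
        // Constructed case: user "0" whose default role is no longer role "0".
        Context ant = new Context("0", "1000", Set.of("Product"));
        System.out.println("before: " + checkReadable(ant, "Dataset", false));
        System.out.println("after:  " + checkReadable(ant, "Dataset", true));

        // An ordinary user with the same role is still denied after the change.
        Context other = new Context("100", "1000", Set.of("Product"));
        System.out.println("other:  " + checkReadable(other, "Dataset", true));
    }
}
```

With the extended predicate, user id "0" carries the security bypass on its own, so every code path that can place that id in the context needs the same scrutiny as one that grants role "0".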