Openbravo Issue Tracking System - Openbravo ERP |
View Issue Details |
|
ID | Project | Category | View Status | Date Submitted | Last Update |
0012594 | Openbravo ERP | A. Platform | public | 2010-03-08 13:30 | 2010-05-19 00:00 |
|
Reporter | mtaal | |
Assigned To | mtaal | |
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | closed | Resolution | fixed | |
Platform | | OS | 5 | OS Version | |
Product Version | pi | |
Target Version | pi | Fixed in Version | | |
Merge Request Status | |
Review Assigned To | |
OBNetwork customer | No |
Web browser | |
Modules | Core |
Support ticket | |
Regression level | |
Regression date | |
Regression introduced in release | |
Regression introduced by commit | |
Triggers an Emergency Pack | No |
|
Summary | 0012594: Make setting of administrator mode less vulnerable for wrong usage |
Description | Make setting of administrator mode less vulnerable for wrong usage. The current approach is this:
boolean oldMode = ...setAdminMode(true);
try {
  // code that needs admin mode
} finally {
  setAdminMode(oldMode);
}
If one forgets to use the oldMode variable and instead does: setAdminMode(false) then this gives unpredictable results.
The following API is less vulnerable:
setInAdminMode();
try {
  // code that needs admin mode
} finally {
  restorePreviousAdminMode();
} |
Steps To Reproduce | |
Proposed Solution | |
Additional Information | |
Tags | No tags attached. |
Relationships | |
Attached Files | adminmode3.patch (90,766) 2010-05-03 21:58 https://issues.openbravo.com/file_download.php?file_id=2517&type=bug |
|
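The two patterns from the description side by side, as an added example (not code from the Openbravo patch). The class `AdminModeDemo`, its static fields and the two helper methods are hypothetical stand-ins for a per-thread context; only the names `setAdminMode`, `setInAdminMode` and `restorePreviousAdminMode` come from the report.

```java
import java.util.ArrayDeque;
import java.util.Deque;

public class AdminModeDemo {
    // Hypothetical stand-in for the context state; a real context would hold this per thread.
    static boolean adminMode = false;
    static final Deque<Boolean> previousModes = new ArrayDeque<>();

    // Old style: the caller must keep the returned value and pass it back later.
    static boolean setAdminMode(boolean newMode) {
        boolean old = adminMode;
        adminMode = newMode;
        return old;
    }

    // Proposed style: the previous mode is remembered on a stack by the API itself.
    static void setInAdminMode() {
        previousModes.push(adminMode);
        adminMode = true;
    }

    static void restorePreviousAdminMode() {
        // pop() throws NoSuchElementException on an unbalanced restore, so misuse fails loudly.
        adminMode = previousModes.pop();
    }

    // Nested helper containing the mistake from the description: a literal false in finally.
    static void helperOldApi() {
        setAdminMode(true);
        try { /* admin work */ } finally { setAdminMode(false); }
    }

    // Same helper with the proposed API: there is no value the caller can get wrong.
    static void helperNewApi() {
        setInAdminMode();
        try { /* admin work */ } finally { restorePreviousAdminMode(); }
    }

    public static void main(String[] args) {
        boolean oldMode = setAdminMode(true);
        try {
            helperOldApi(); // silently switches the outer block out of admin mode
            System.out.println("old API, after nested helper: admin=" + adminMode);
        } finally { setAdminMode(oldMode); }

        setInAdminMode();
        try {
            helperNewApi(); // outer block is still in admin mode afterwards
            System.out.println("new API, after nested helper: admin=" + adminMode);
        } finally { restorePreviousAdminMode(); }
        System.out.println("after both: admin=" + adminMode + ", stack depth=" + previousModes.size());
    }
}
```

With the flag-returning API the outer block continues without admin mode after the helper returns; with the stack the nesting unwinds to the caller's original mode and the stack ends empty.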
Issue History |
Date Modified | Username | Field | Change |
2010-03-08 13:30 | mtaal | New Issue | |
2010-03-08 13:30 | mtaal | Assigned To | => mtaal |
2010-03-08 13:30 | mtaal | OBNetwork customer | => No |
2010-03-08 14:29 | shuehner | Issue Monitored: shuehner | |
2010-03-08 15:35 | alostale | Status | new => scheduled |
2010-03-08 15:35 | alostale | fix_in_branch | => pi |
2010-03-19 19:37 | hgbot | Checkin | |
2010-03-19 19:37 | hgbot | Note Added: 0025626 | |
2010-04-19 21:10 | hudsonbot | Checkin | |
2010-04-19 21:10 | hudsonbot | Note Added: 0026358 | |
2010-05-03 10:13 | mtaal | File Added: adminmode.patch | |
2010-05-03 17:44 | mtaal | File Deleted: adminmode.patch | |
2010-05-03 17:44 | mtaal | File Added: adminmode2.patch | |
2010-05-03 21:58 | mtaal | File Deleted: adminmode2.patch | |
2010-05-03 21:58 | mtaal | File Added: adminmode3.patch | |
2010-05-05 14:18 | hgbot | Checkin | |
2010-05-05 14:18 | hgbot | Note Added: 0026957 | |
2010-05-05 14:18 | hgbot | Status | scheduled => resolved |
2010-05-05 14:18 | hgbot | Resolution | open => fixed |
2010-05-05 14:18 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/57390029073861fd9eef7115fa83812d18d6cc09 |
2010-05-18 13:34 | shuehner | Note Added: 0027420 | |
2010-05-18 13:34 | shuehner | Status | resolved => closed |
2010-05-18 21:43 | hudsonbot | Checkin | |
2010-05-18 21:43 | hudsonbot | Note Added: 0027481 | |
2010-05-19 00:00 | anonymous | sf_bug_id | 0 => 3003669 |
Notes |
|
(0025626)
|
hgbot
|
2010-03-19 19:37
|
(0026957)
|
hgbot
|
2010-05-05 14:18
|
|
Repository: erp/devel/pi
Changeset: 57390029073861fd9eef7115fa83812d18d6cc09
Author: Martin Taal <martin.taal <at> openbravo.com>
Date: Wed May 05 14:18:16 2010 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/57390029073861fd9eef7115fa83812d18d6cc09
fixes issue 12594: Make setting of administrator mode less vulnerable for wrong usage
fixes issue 12660: OBContext enableAsAdminContext - resetAsAdminContext should use an stack
---
M src-test/org/openbravo/test/base/BaseTest.java
M src-test/org/openbravo/test/dal/OBContextTest.java
M src-test/org/openbravo/test/model/UtilsTest.java
M src-test/org/openbravo/test/xml/EntityXMLImportTestBusinessObject.java
M src-test/org/openbravo/test/xml/EntityXMLImportTestReference.java
M src/org/openbravo/base/secureApp/HttpSecureAppServlet.java
M src/org/openbravo/base/secureApp/LoginHandler.java
M src/org/openbravo/base/secureApp/LoginUtils.java
M src/org/openbravo/base/secureApp/UserLock.java
M src/org/openbravo/base/secureApp/VariablesSecureApp.java
M src/org/openbravo/dal/core/DalInitializingTask.java
M src/org/openbravo/dal/core/DalRequestFilter.java
M src/org/openbravo/dal/core/OBContext.java
M src/org/openbravo/dal/core/TriggerHandler.java
M src/org/openbravo/dal/security/EntityAccessChecker.java
M src/org/openbravo/dal/xml/EntityResolver.java
M src/org/openbravo/dal/xml/EntityXMLConverter.java
M src/org/openbravo/erpCommon/ad_callouts/SL_GlobalUse_Product.java
M src/org/openbravo/erpCommon/ad_callouts/SL_InOutLine_Product.java
M src/org/openbravo/erpCommon/ad_callouts/SL_Internal_Consumption_Product.java
M src/org/openbravo/erpCommon/ad_callouts/SL_Inventory_Product.java
M src/org/openbravo/erpCommon/ad_callouts/SL_Movement_Product.java
M src/org/openbravo/erpCommon/ad_callouts/SL_PC_Case_Product.java
M src/org/openbravo/erpCommon/ad_callouts/SL_Production_Product.java
M src/org/openbravo/erpCommon/ad_callouts/SL_RequisitionLine_Product.java
M src/org/openbravo/erpCommon/ad_forms/About.java
M src/org/openbravo/erpCommon/ad_forms/DocFINFinAccTransaction.java
M src/org/openbravo/erpCommon/ad_forms/DocFINPayment.java
M src/org/openbravo/erpCommon/ad_forms/DocFINReconciliation.java
M src/org/openbravo/erpCommon/ad_forms/InitialOrgSetup.java
M src/org/openbravo/erpCommon/ad_forms/Role.java
M src/org/openbravo/erpCommon/ad_process/ApplyModules.java
M src/org/openbravo/erpCommon/ad_process/CreateCustomModule.java
M src/org/openbravo/erpCommon/ad_process/PaymentMonitor.java
M src/org/openbravo/erpCommon/businessUtility/AuditTrailPopup.java
M src/org/openbravo/erpCommon/info/AttributeSetInstance.java
M src/org/openbravo/erpCommon/info/ImageInfoBLOB.java
M src/org/openbravo/erpCommon/modules/ModuleUtiltiy.java
M src/org/openbravo/erpCommon/obps/ActivationKey.java
M src/org/openbravo/erpCommon/obps/CheckCleanCache.java
M src/org/openbravo/erpCommon/obps/GetOpenbravoLogo.java
M src/org/openbravo/erpCommon/security/Login.java
M src/org/openbravo/erpCommon/security/Menu.java
M src/org/openbravo/erpCommon/security/SessionLogin.java
M src/org/openbravo/erpCommon/utility/ImageToDatabaseLoader.java
M src/org/openbravo/erpCommon/utility/ShowImage.java
M src/org/openbravo/erpCommon/utility/ShowImageLogo.java
M src/org/openbravo/erpCommon/utility/ToolBar.java
M src/org/openbravo/erpCommon/utility/UsedByLink.java
M src/org/openbravo/erpCommon/utility/Utility.java
M src/org/openbravo/erpCommon/utility/VerticalMenu.java
M src/org/openbravo/reference/Reference.java
M src/org/openbravo/reference/ui/UIList.java
M src/org/openbravo/service/dataset/DataSetService.java
M src/org/openbravo/service/db/CallProcess.java
M src/org/openbravo/service/db/DataExportService.java
M src/org/openbravo/service/db/DataImportService.java
M src/org/openbravo/service/system/SystemService.java
M src/org/openbravo/service/web/UserContextCache.java
---
|
Tested in pi/pg, working fine. A new/consistent API is introduced for enabling/disabling admin mode. All older APIs for the same are deprecated. All core callers are already updated to use the new API. The deprecation warnings which will be shown by using non-updated code (i.e. in modules) will be hidden by default in the rebuild popup but shown in the console and Eclipse builds. |
|