Openbravo Issue Tracking System - Openbravo ERP |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0012660 | Openbravo ERP | A. Platform | public | 2010-03-12 09:58 | 2010-05-19 00:00 |
|
| Reporter | iperdomo | |
| Assigned To | mtaal | |
| Priority | urgent | Severity | major | Reproducibility | sometimes |
| Status | closed | Resolution | fixed | |
| Platform | | OS | 20 | OS Version | 2.6.30-gentoo-r5 |
| Product Version | | |
| Target Version | pi | Fixed in Version | | |
| Merge Request Status | |
| Review Assigned To | |
| OBNetwork customer | No |
| Web browser | |
| Modules | Core |
| Support ticket | |
| Regression level | |
| Regression date | |
| Regression introduced in release | |
| Regression introduced by commit | |
| Triggers an Emergency Pack | No |
|
| Summary | 0012660: OBContext enableAsAdminContext - resetAsAdminContext should use an stack |
| Description | Right now we have 2 ways to enable/disable the AdminContext, either hold the current context in a variable, and reset it to that context after making the calls, and 2nd one is enableAsAdminContext/resetAsAdminContext, the problem is that this second approach is not safe when using on nested calls, it always reset the AdminContext to false. |
| Steps To Reproduce | |
| Proposed Solution | Use a 'stack' of user context and push and pop contexts when calling enable/reset Admin. This approach is simpler for a developer,. |
| Additional Information | |
| Tags | No tags attached. |
| Relationships | |
| Attached Files | |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2010-03-12 09:58 | iperdomo | New Issue | |
| 2010-03-12 09:58 | iperdomo | Assigned To | => mtaal |
| 2010-03-12 09:58 | iperdomo | OBNetwork customer | => No |
| 2010-03-12 09:58 | iperdomo | Status | new => scheduled |
| 2010-03-12 09:58 | iperdomo | fix_in_branch | => pi |
| 2010-03-16 07:06 | hgbot | Checkin | |
| 2010-03-16 07:06 | hgbot | Note Added: 0025502 | |
| 2010-03-16 07:06 | hgbot | Status | scheduled => resolved |
| 2010-03-16 07:06 | hgbot | Resolution | open => fixed |
| 2010-03-16 07:06 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/0edb9a09c2558500f1f0edf1701de066af9f56a0 [^] |
| 2010-03-16 11:04 | mtaal | Note Added: 0025530 | |
| 2010-03-16 11:04 | mtaal | Status | resolved => new |
| 2010-03-16 11:04 | mtaal | Resolution | fixed => open |
| 2010-03-17 09:01 | hudsonbot | Checkin | |
| 2010-03-17 09:01 | hudsonbot | Note Added: 0025554 | |
| 2010-03-22 08:31 | alostale | Status | new => scheduled |
| 2010-04-06 19:17 | mtaal | Note Added: 0025912 | |
| 2010-04-15 13:12 | mtaal | Note Added: 0026254 | |
| 2010-05-05 14:18 | hgbot | Checkin | |
| 2010-05-05 14:18 | hgbot | Note Added: 0026958 | |
| 2010-05-05 14:18 | hgbot | Status | scheduled => resolved |
| 2010-05-05 14:18 | hgbot | Resolution | open => fixed |
| 2010-05-05 14:18 | hgbot | Fixed in SCM revision | http://code.openbravo.com/erp/devel/pi/rev/0edb9a09c2558500f1f0edf1701de066af9f56a0 [^] => http://code.openbravo.com/erp/devel/pi/rev/57390029073861fd9eef7115fa83812d18d6cc09 [^] |
| 2010-05-18 13:34 | shuehner | Note Added: 0027421 | |
| 2010-05-18 13:34 | shuehner | Status | resolved => closed |
| 2010-05-18 21:43 | hudsonbot | Checkin | |
| 2010-05-18 21:43 | hudsonbot | Note Added: 0027482 | |
| 2010-05-19 00:00 | anonymous | sf_bug_id | 0 => 3003670 |
|
Notes |
|
|
(0025502)
|
|
hgbot
|
|
2010-03-16 07:06
|
|
Repository: erp/devel/pi
Changeset: 0edb9a09c2558500f1f0edf1701de066af9f56a0
Author: Martin Taal <martin.taal <at> openbravo.com>
Date: Tue Mar 16 07:13:11 2010 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/0edb9a09c2558500f1f0edf1701de066af9f56a0 [^]
fixes issue 12660: OBContext enableAsAdminContext - resetAsAdminContext should use an stack
---
M src-test/org/openbravo/test/dal/IssuesTest.java
M src/org/openbravo/dal/core/OBContext.java
---
|
|
|
|
(0025530)
|
|
mtaal
|
|
2010-03-16 11:04
|
|
|
Commit done to early, will be done again in 3 days |
|
|
|
|
|
|
|
(0025912)
|
|
mtaal
|
|
2010-04-06 19:17
|
|
|
|
|
(0026254)
|
|
mtaal
|
|
2010-04-15 13:12
|
|
Note, also in the DalRequestFilter the admin context must be set to false/disabled and a warning logged if it was not set by the app.
Stefan, check if there is a tool to check correct use of this pattern.
gr. Martin |
|
|
|
(0026958)
|
|
hgbot
|
|
2010-05-05 14:18
|
|
Repository: erp/devel/pi
Changeset: 57390029073861fd9eef7115fa83812d18d6cc09
Author: Martin Taal <martin.taal <at> openbravo.com>
Date: Wed May 05 14:18:16 2010 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/57390029073861fd9eef7115fa83812d18d6cc09 [^]
fixes issue 12594: Make setting of administrator mode less vulnerable for wrong usage
fixes issue 12660: OBContext enableAsAdminContext - resetAsAdminContext should use an stack
---
M src-test/org/openbravo/test/base/BaseTest.java
M src-test/org/openbravo/test/dal/OBContextTest.java
M src-test/org/openbravo/test/model/UtilsTest.java
M src-test/org/openbravo/test/xml/EntityXMLImportTestBusinessObject.java
M src-test/org/openbravo/test/xml/EntityXMLImportTestReference.java
M src/org/openbravo/base/secureApp/HttpSecureAppServlet.java
M src/org/openbravo/base/secureApp/LoginHandler.java
M src/org/openbravo/base/secureApp/LoginUtils.java
M src/org/openbravo/base/secureApp/UserLock.java
M src/org/openbravo/base/secureApp/VariablesSecureApp.java
M src/org/openbravo/dal/core/DalInitializingTask.java
M src/org/openbravo/dal/core/DalRequestFilter.java
M src/org/openbravo/dal/core/OBContext.java
M src/org/openbravo/dal/core/TriggerHandler.java
M src/org/openbravo/dal/security/EntityAccessChecker.java
M src/org/openbravo/dal/xml/EntityResolver.java
M src/org/openbravo/dal/xml/EntityXMLConverter.java
M src/org/openbravo/erpCommon/ad_callouts/SL_GlobalUse_Product.java
M src/org/openbravo/erpCommon/ad_callouts/SL_InOutLine_Product.java
M src/org/openbravo/erpCommon/ad_callouts/SL_Internal_Consumption_Product.java
M src/org/openbravo/erpCommon/ad_callouts/SL_Inventory_Product.java
M src/org/openbravo/erpCommon/ad_callouts/SL_Movement_Product.java
M src/org/openbravo/erpCommon/ad_callouts/SL_PC_Case_Product.java
M src/org/openbravo/erpCommon/ad_callouts/SL_Production_Product.java
M src/org/openbravo/erpCommon/ad_callouts/SL_RequisitionLine_Product.java
M src/org/openbravo/erpCommon/ad_forms/About.java
M src/org/openbravo/erpCommon/ad_forms/DocFINFinAccTransaction.java
M src/org/openbravo/erpCommon/ad_forms/DocFINPayment.java
M src/org/openbravo/erpCommon/ad_forms/DocFINReconciliation.java
M src/org/openbravo/erpCommon/ad_forms/InitialOrgSetup.java
M src/org/openbravo/erpCommon/ad_forms/Role.java
M src/org/openbravo/erpCommon/ad_process/ApplyModules.java
M src/org/openbravo/erpCommon/ad_process/CreateCustomModule.java
M src/org/openbravo/erpCommon/ad_process/PaymentMonitor.java
M src/org/openbravo/erpCommon/businessUtility/AuditTrailPopup.java
M src/org/openbravo/erpCommon/info/AttributeSetInstance.java
M src/org/openbravo/erpCommon/info/ImageInfoBLOB.java
M src/org/openbravo/erpCommon/modules/ModuleUtiltiy.java
M src/org/openbravo/erpCommon/obps/ActivationKey.java
M src/org/openbravo/erpCommon/obps/CheckCleanCache.java
M src/org/openbravo/erpCommon/obps/GetOpenbravoLogo.java
M src/org/openbravo/erpCommon/security/Login.java
M src/org/openbravo/erpCommon/security/Menu.java
M src/org/openbravo/erpCommon/security/SessionLogin.java
M src/org/openbravo/erpCommon/utility/ImageToDatabaseLoader.java
M src/org/openbravo/erpCommon/utility/ShowImage.java
M src/org/openbravo/erpCommon/utility/ShowImageLogo.java
M src/org/openbravo/erpCommon/utility/ToolBar.java
M src/org/openbravo/erpCommon/utility/UsedByLink.java
M src/org/openbravo/erpCommon/utility/Utility.java
M src/org/openbravo/erpCommon/utility/VerticalMenu.java
M src/org/openbravo/reference/Reference.java
M src/org/openbravo/reference/ui/UIList.java
M src/org/openbravo/service/dataset/DataSetService.java
M src/org/openbravo/service/db/CallProcess.java
M src/org/openbravo/service/db/DataExportService.java
M src/org/openbravo/service/db/DataImportService.java
M src/org/openbravo/service/system/SystemService.java
M src/org/openbravo/service/web/UserContextCache.java
---
|
|
|
|
|
|
Tested in pi/pg working fine. New/consistent api is introduced for enabling/disabling admin mode. All older api's for the same are deprecated. All core callers are already updated to use the new api. The deprecation warnings which will be shown by using non-updated code (in i.e. modules) will be hidden by default in the rebuild-popup but shown in the console and eclipse builds. |
|
|
|
|
|