Openbravo Issue Tracking System - Openbravo ERP |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0013946 | Openbravo ERP | 00. Application dictionary | public | 2010-07-13 12:48 | 2010-10-05 00:00 |
|
| Reporter | networkb | |
| Assigned To | vmromanos | |
| Priority | high | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | fixed | |
| Platform | | OS | 5 | OS Version | |
| Product Version | | |
| Target Version | | Fixed in Version | | |
| Merge Request Status | |
| Review Assigned To | |
| OBNetwork customer | |
| Web browser | |
| Modules | Core |
| Support ticket | |
| Regression level | |
| Regression date | |
| Regression introduced in release | |
| Regression introduced by commit | |
| Triggers an Emergency Pack | No |
|
| Summary | 0013946: permission's error is returned |
| Description | when you execute the report with a role, and this role have not permission to windows "Localization" and "Document type", and access level of this role is "Entity/organization", error is returned.
|
| Steps To Reproduce | . create new role with access level "entity/organization"
. windows access: is empty
. process access: create a new record "multidimensional tax report"
. run report
Patricia:
Right steps are:
. create a new role with access level "entity/organization"
. assign the new user role to User "Openbravo" in the application path: General Setup || Security || User || User >> User Roles
. go back to the window Role and then go to windows access tab and remove all windows
. go to process access and make sure that the "Multidimensional tax Report" is there
. run the report, system shows below error. |
| Proposed Solution | |
| Additional Information | |
| Tags | No tags attached. |
| Relationships | | depends on | feature request | 0014491 | | closed | marvintm | A new DAL admin mode which also checks for client/organization would be useful |
|
| Attached Files |  error_13946.png (24,655) 2010-10-04 13:20
https://issues.openbravo.com/file_download.php?file_id=3155&type=bug
|
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2010-07-13 12:48 | networkb | New Issue | |
| 2010-07-13 12:48 | networkb | Assigned To | => vmromanos |
| 2010-08-05 10:47 | vmromanos | Note Added: 0029816 | |
| 2010-08-05 10:47 | vmromanos | Status | new => closed |
| 2010-08-05 10:47 | vmromanos | Resolution | open => no change required |
| 2010-08-13 14:26 | networkb | Status | closed => new |
| 2010-08-13 14:26 | networkb | Resolution | no change required => open |
| 2010-08-13 14:52 | vmromanos | Note Added: 0029956 | |
| 2010-08-13 14:52 | vmromanos | Status | new => closed |
| 2010-08-13 14:52 | vmromanos | Resolution | open => no change required |
| 2010-08-17 13:17 | psarobe | Status | closed => new |
| 2010-08-17 13:17 | psarobe | Resolution | no change required => open |
| 2010-08-17 13:17 | psarobe | Project | Localization Pack: Spain => Openbravo ERP |
| 2010-09-24 12:38 | vmromanos | Relationship added | depends on 0014491 |
| 2010-09-24 12:38 | vmromanos | Status | new => scheduled |
| 2010-09-24 12:38 | vmromanos | fix_in_branch | => pi |
| 2010-09-24 14:19 | hgbot | Checkin | |
| 2010-09-24 14:19 | hgbot | Note Added: 0031350 | |
| 2010-09-24 14:19 | hgbot | Status | scheduled => resolved |
| 2010-09-24 14:19 | hgbot | Resolution | open => fixed |
| 2010-09-24 14:19 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/pmods/org.openbravo.module.invoiceTaxReportEnhanced/rev/7c89682e969256028c1705d25da65e5d8ef009ac [^] |
| 2010-09-24 14:20 | vmromanos | Note Added: 0031351 | |
| 2010-10-04 13:07 | psanjuan | Category | Multi Dimensional Tax Report => 00. Application dictionary |
| 2010-10-04 13:07 | psanjuan | fix_in_branch | pi => |
| 2010-10-04 13:07 | psanjuan | Description Updated | bug_revision_view_page.php?rev_id=971#r971 |
| 2010-10-04 13:07 | psanjuan | Steps to Reproduce Updated | bug_revision_view_page.php?rev_id=973#r973 |
| 2010-10-04 13:08 | psanjuan | Steps to Reproduce Updated | bug_revision_view_page.php?rev_id=974#r974 |
| 2010-10-04 13:11 | psanjuan | Steps to Reproduce Updated | bug_revision_view_page.php?rev_id=975#r975 |
| 2010-10-04 13:11 | psanjuan | Steps to Reproduce Updated | bug_revision_view_page.php?rev_id=976#r976 |
| 2010-10-04 13:20 | psanjuan | Steps to Reproduce Updated | bug_revision_view_page.php?rev_id=977#r977 |
| 2010-10-04 13:20 | psanjuan | File Added: error_13946.png | |
| 2010-10-04 13:34 | psanjuan | Note Added: 0031573 | |
| 2010-10-04 13:48 | psanjuan | Fixed in Version | => 1.1.7 |
| 2010-10-04 13:49 | psanjuan | Status | resolved => closed |
| 2010-10-05 00:00 | anonymous | sf_bug_id | 0 => 3081158 |
|
Notes |
|
|
|
This behaviour is totally normal and it's one of the benefices of using the Data Access Layer.
This report shows data related to Business Partners, Documents, Currency, Business Partners' location, etc. The role must have access to these windows (data) in order to view the report data.
Imagine the case of a role that doesn't have access to the Business Partners info. If we override this security check, this role can have access to the information about the Business Partners displayed into the report!
Overriding this security check done by the DAL is very dangerous and in this particular case it has no sense. In fact, if we do so, we will introduce an important security regression.
Remember that, when configuring a role, you can enable editing the fields (or not) checking the "Editable Field" flag. |
|
|
|
|
I'm closing this issue again because that's the normal behavior of the DAL.
Your example is wrong because in the Sales Invoice window you see "a representation of a location" but not the real location. Any user can change this representation, for example hiding some fields, changing the order, etc. So the report needs to access to the "real" location and not to a "human readable" location. In the "real" location we have **always** all the information needed.
However, if you still think there is an inconsistency for the user in the global application, then create another bug and the platform team will take it. But this inconsistency is not going to be fixed in this bug.
If you don't want to give access to these windows, you can also give access to the table itself through the ad_table_access table. You can do it from the General Setup || Security || Role Access window. This way the user won't see the windows but I can see the data through the report.
For more information visit http://goo.gl/qkZN [^] |
|
|
|
(0031350)
|
|
hgbot
|
|
2010-09-24 14:19
|
|
Repository: erp/pmods/org.openbravo.module.invoiceTaxReportEnhanced
Changeset: 7c89682e969256028c1705d25da65e5d8ef009ac
Author: Víctor Martínez Romanos <victor.martinez <at> openbravo.com>
Date: Fri Sep 24 14:19:24 2010 +0200
URL: http://code.openbravo.com/erp/pmods/org.openbravo.module.invoiceTaxReportEnhanced/rev/7c89682e969256028c1705d25da65e5d8ef009ac [^]
Fixed bug 13946 in module version 1.1.7
All DAO methods that access to the database using DAL have been
refactored to use the new Admin Mode available since 2.50MP22
The Core's dependency needs to be updated to 2.50MP22 when released
---
M src-db/database/sourcedata/AD_MODULE.xml
M src-db/database/sourcedata/AD_MODULE_DEPENDENCY.xml
M src/org/openbravo/module/invoiceTaxReportEnhanced/ad_reports/OBITREInvoiceTaxReportDao.java
---
|
|
|
|
|
|
Warning: the module now depends on 2.50MP22, so it will be released just after 2.50MP22 is released |
|
|
|
|
|
fixed and working in version 1.1.7 |
|