Openbravo Issue Tracking System - Openbravo ERP |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0014677 | Openbravo ERP | A. Platform | public | 2010-09-23 15:05 | 2010-10-16 00:00 |
|
| Reporter | plujan | |
| Assigned To | alostale | |
| Priority | urgent | Severity | major | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | |
| Platform | | OS | 5 | OS Version | |
| Product Version | main | |
| Target Version | 2.50MP23 | Fixed in Version | | |
| Merge Request Status | |
| Review Assigned To | |
| OBNetwork customer | No |
| Web browser | |
| Modules | Core |
| Support ticket | |
| Regression level | |
| Regression date | |
| Regression introduced in release | |
| Regression introduced by commit | |
| Triggers an Emergency Pack | No |
|
| Summary | 0014677: DE008 It is possible to bypass the security check and use an expired commercial module |
| Description | It is possible to bypass the security check and use an expired commercial module |
| Steps To Reproduce | 1. Use an instance with an active subscription. IDL module is installed, but the subscription for IDL has expired yesterday.
2. Login with "userA" a non SysAdmin user. You will receive the expected message. It is not possible to log in.
3. Login with "QA" a SysAdmin user. You will receive the expected message, and you are allowed to continue.
4. Go to Module Management window. Select IDL module and disable it.
5. Open a new browser. Log in with userA. Now there is no message and you can log in.
6. Check that IDL menu entry is not there (since it is disabled)
7. In the QA session (the browser used to disable), enable IDL
8. Refresh userA browser using F5. Now IDL menu entry is there and you are able to open the window and use IDL as usual. |
| Proposed Solution | |
| Additional Information | |
| Tags | No tags attached. |
| Relationships | |
| Attached Files | |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2010-09-23 15:05 | plujan | New Issue | |
| 2010-09-23 15:05 | plujan | Assigned To | => alostale |
| 2010-09-23 15:05 | plujan | OBNetwork customer | => No |
| 2010-09-27 08:59 | alostale | Status | new => scheduled |
| 2010-09-30 15:03 | alostale | Note Added: 0031521 | |
| 2010-09-30 15:05 | hgbot | Checkin | |
| 2010-09-30 15:05 | hgbot | Note Added: 0031522 | |
| 2010-09-30 15:05 | hgbot | Status | scheduled => resolved |
| 2010-09-30 15:05 | hgbot | Resolution | open => fixed |
| 2010-09-30 15:05 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/09be3c03a880475617c4537a10e653945a716b1f [^] |
| 2010-10-08 20:59 | hudsonbot | Checkin | |
| 2010-10-08 20:59 | hudsonbot | Note Added: 0031710 | |
| 2010-10-15 16:12 | marvintm | Note Added: 0031882 | |
| 2010-10-15 16:12 | marvintm | Status | resolved => closed |
| 2010-10-16 00:00 | anonymous | sf_bug_id | 0 => 3088372 |
|
Notes |
|
|
|
|
The problem is in step 4: it should not be allowed to enable again disabled commercial modules which license has expired. |
|
|
|
(0031522)
|
|
hgbot
|
|
2010-09-30 15:05
|
|
Repository: erp/devel/pi
Changeset: 09be3c03a880475617c4537a10e653945a716b1f
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Thu Sep 30 15:04:49 2010 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/09be3c03a880475617c4537a10e653945a716b1f [^]
fixed issue 14677: It is possible to use an expired commercial module
Disabled commercial modules which license has expired are not allowed
to be enabled again.
---
M src/org/openbravo/erpCommon/ad_forms/ModuleManagement.java
M src/org/openbravo/erpCommon/obps/ActivationKey.java
---
|
|
|
|
|
|
|
|
|
|
Verified that you cannot enable a disabled module you don't have rights to in your license. Also, verified that if you later get the rights to the module and update the license, you can enable the module again. |
|