Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0014697Openbravo ERPZ. Otherspublic2010-09-24 13:222010-12-16 22:16
Reporterrafaroda 
Assigned Tomtaal 
PriorityhighSeveritymajorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOS20OS VersionCommunity Appliance
Product Version2.50 
Target VersionFixed in Version 
Merge Request Status
Review Assigned To
OBNetwork customerNo
Web browser
ModulesJSON REST Webservice
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0014697: Entity EVEBUCO_FUNCCLASS is not directly readable
DescriptionWhen accessing a selector defined as you can see in SelectorDefinition.png and try to select a value from it with an user which can not read EVEBUCO_FUNCCLASS class you get the following error.

12:50:45 [http-8585-4] ERROR org.openbravo.base.exception.OBSecurityException - Entity EVEBUCO_FUNCCLASS is not directly readable, only id and identifier properties are readable, property EVEBUCO_FUNCCLASS.description is neither of these.
org.openbravo.base.exception.OBSecurityException: Entity EVEBUCO_FUNCCLASS is not directly readable, only id and identifier properties are readable, property EVEBUCO_FUNCCLASS.description is neither of these.
    at org.openbravo.base.structure.BaseOBObject.checkDerivedReadable(BaseOBObject.java:172)
    at org.openbravo.base.structure.BaseOBObject.get(BaseOBObject.java:140)
    at org.openbravo.service.json.DataToJsonConverter.toJsonObject(DataToJsonConverter.java:134)
    at org.openbravo.service.json.DataToJsonConverter.toJsonObjects(DataToJsonConverter.java:100)
    at org.openbravo.service.json.DefaultJsonDataService.fetch(DefaultJsonDataService.java:125)
    at org.openbravo.service.datasource.DefaultDataSourceService.fetch(DefaultDataSourceService.java:63)
    at org.openbravo.service.datasource.DataSourceServlet.doFetch(DataSourceServlet.java:144)
    at org.openbravo.service.datasource.DataSourceServlet.doPost(DataSourceServlet.java:154)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
    at org.openbravo.base.HttpBaseServlet.serviceInitialized(HttpBaseServlet.java:225)
    at org.openbravo.base.secureApp.HttpSecureAppServlet.service(HttpSecureAppServlet.java:434)
    at org.openbravo.client.kernel.BaseKernelServlet.callServiceInSuper(BaseKernelServlet.java:91)
    at org.openbravo.client.kernel.BaseKernelServlet$1.process(BaseKernelServlet.java:65)
    at org.jboss.seam.servlet.ContextualHttpServletRequest.run(ContextualHttpServletRequest.java:53)
    at org.openbravo.client.kernel.BaseKernelServlet.service(BaseKernelServlet.java:67)
    at org.openbravo.service.datasource.DataSourceServlet.service(DataSourceServlet.java:75)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.openbravo.utils.SessionExpirationFilter.doFilter(SessionExpirationFilter.java:66)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.openbravo.utils.CharsetFilter.doFilter(CharsetFilter.java:35)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.openbravo.dal.core.DalRequestFilter$1.doAction(DalRequestFilter.java:81)
    at org.openbravo.dal.core.ThreadHandler.run(ThreadHandler.java:46)
    at org.openbravo.dal.core.DalRequestFilter.doFilter(DalRequestFilter.java:103)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
    at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:859)
    at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:579)
    at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1555)
    at java.lang.Thread.run(Thread.java:636)
Steps To ReproduceI'm using a selector with an user which does not have access to the window (which is built in top of EVEBUCO_FUNCCLASS table) related to the selector and get the error: Entity EVEBUCO_FUNCCLASS is not directly readable, only id and identifier properties are readable, property EVEBUCO_FUNCCLASS.description is neither of these (see SelectorError.png).

In table EVEBUCO_FUNCCLASS table I only defined search key and name as identifiers. I defined the selector as you can see in SelectorDefinition.png.
Proposed Solution
Additional Information
TagsNo tags attached.
Relationships
related to defect 0015387 closed gorkaion DataToJsonConverter check (for access) selector fields which are defined but marked as isactive ='N' 
Attached Filespng SelectorDefinition.png (66,404) 2010-09-24 13:22
https://issues.openbravo.com/file_download.php?file_id=3120&type=bug
png

png SelectorError.png (89,038) 2010-09-24 13:22
https://issues.openbravo.com/file_download.php?file_id=3121&type=bug
png
Issue History
Date ModifiedUsernameFieldChange
2010-09-24 13:22rafarodaNew Issue
2010-09-24 13:22rafarodaAssigned To => mtaal
2010-09-24 13:22rafarodaFile Added: SelectorDefinition.png
2010-09-24 13:22rafarodaOBNetwork customer => No
2010-09-24 13:22rafarodaIssue Monitored: rafaroda
2010-09-24 13:22rafarodaFile Added: SelectorError.png
2010-09-24 13:39hgbotCheckin
2010-09-24 13:39hgbotNote Added: 0031348
2010-09-24 13:39hgbotStatusnew => resolved
2010-09-24 13:39hgbotResolutionopen => fixed
2010-09-24 13:39hgbotFixed in SCM revision => http://code.openbravo.com/erp/mods/org.openbravo.service.json/rev/d5bd1147245d29640df13ff94b621fa1d9ae0c1b [^]
2010-12-09 13:34hgbotCheckin
2010-12-09 13:34hgbotNote Added: 0033083
2010-12-09 15:52shuehnerRelationship addedrelated to 0015387
2010-12-09 17:51shuehnerNote Added: 0033099
2010-12-09 17:51shuehnerStatusresolved => closed
2010-12-16 22:16anonymoussf_bug_id0 => 3138783

Notes
(0031348)
hgbot   
2010-09-24 13:39   
Repository: erp/mods/org.openbravo.service.json
Changeset: d5bd1147245d29640df13ff94b621fa1d9ae0c1b
Author: Martin Taal <martin.taal <at> openbravo.com>
Date: Fri Sep 24 13:39:18 2010 +0200
URL: http://code.openbravo.com/erp/mods/org.openbravo.service.json/rev/d5bd1147245d29640df13ff94b621fa1d9ae0c1b [^]

Fixes issue 14697: Entity EVEBUCO_FUNCCLASS is not directly readable

---
M src-test/org/openbravo/service/json/test/JsonConversionTest.java
M src/org/openbravo/service/json/DataToJsonConverter.java
---
(0033083)
hgbot   
2010-12-09 13:34   
Repository: erp/mods/org.openbravo.service.json
Changeset: b82e7b3ee9b6710a9fa5803b2b83feca65e2962e
Author: Iván Perdomo <ivan.perdomo <at> openbravo.com>
Date: Thu Dec 02 13:10:12 2010 +0100
URL: http://code.openbravo.com/erp/mods/org.openbravo.service.json/rev/b82e7b3ee9b6710a9fa5803b2b83feca65e2962e [^]

Issue 14697: Backport of changeset d5bd1147245d

---
M src-test/org/openbravo/service/json/test/JsonConversionTest.java
M src/org/openbravo/service/json/DataToJsonConverter.java
---
(0033099)
shuehner   
2010-12-09 17:51   
Tested on pi_pg/latest module versions (default branch). Defining selector not having any selector fields (just combobox shown in UI) and using it with a role not having direct access to the underlying table now works fine (besides the newly found related issue). Added junit test for the issue also runs without errors.
Also tested backport with rev: b82e7b3ee9b6 of json module (branch core-2.50).