Openbravo Issue Tracking System - Openbravo ERP |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0015874 | Openbravo ERP | C. Security | public | 2011-02-07 12:48 | 2011-05-24 10:56 |
|
| Reporter | jonalegriaesarte | |
| Assigned To | alostale | |
| Priority | urgent | Severity | major | Reproducibility | always |
| Status | closed | Resolution | fixed | |
| Platform | | OS | 5 | OS Version | |
| Product Version | 2.50MP26 | |
| Target Version | 2.50MP27 | Fixed in Version | | |
| Merge Request Status | |
| Review Assigned To | |
| OBNetwork customer | OBPS |
| Web browser | |
| Modules | Core |
| Support ticket | |
| Regression level | |
| Regression date | |
| Regression introduced in release | |
| Regression introduced by commit | |
| Triggers an Emergency Pack | No |
|
| Summary | 0015874: Permissions to processes are not respected |
| Description | Permissions to processes are not respected. |
| Steps To Reproduce | 1) Log with user Openbravo with Openbravo Admin role.
2) Create a new role named My Role, select Manual.
3) Give it access ONLY to window Sales Invoice
4) Create a new user named myuser and assign him MyRole role.
5) Log in with user myuser and create a sales invoice with lines.
6) Click on Complete button.
Even if you have not been given access to Complete Invoice process you are able to
make this process. |
| Proposed Solution | |
| Additional Information | |
| Tags | closingMay2011 |
| Relationships | | depends on | backport | 0015907 | 2.50MP27 | closed | alostale | Permissions to processes are not respected | | related to | defect | 0024005 | | closed | alostale | When doing changes on an element using dal the Ad_context_info is not filled so the audit does not work properly |
|
| Attached Files | |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2011-02-07 12:48 | jonalegriaesarte | New Issue | |
| 2011-02-07 12:48 | jonalegriaesarte | Assigned To | => alostale |
| 2011-02-07 12:48 | jonalegriaesarte | Modules | => Core |
| 2011-02-07 12:48 | jonalegriaesarte | OBNetwork customer | => Yes |
| 2011-02-07 12:49 | jonalegriaesarte | Issue Monitored: networkb | |
| 2011-02-07 13:03 | rafaroda | Issue Monitored: rafaroda | |
| 2011-02-09 17:31 | alostale | Note Added: 0034108 | |
| 2011-02-09 17:31 | alostale | Status | new => scheduled |
| 2011-02-09 17:31 | alostale | fix_in_branch | => pi |
| 2011-02-09 17:32 | hgbot | Checkin | |
| 2011-02-09 17:32 | hgbot | Note Added: 0034110 | |
| 2011-02-09 17:32 | hgbot | Status | scheduled => resolved |
| 2011-02-09 17:32 | hgbot | Resolution | open => fixed |
| 2011-02-09 17:32 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/3cc3d1a740b29ae39c0eadb9e2f498124c980514 [^] |
| 2011-02-10 09:27 | hgbot | Checkin | |
| 2011-02-10 09:27 | hgbot | Note Added: 0034120 | |
| 2011-02-10 09:27 | hgbot | Checkin | |
| 2011-02-10 09:27 | hgbot | Note Added: 0034121 | |
| 2011-05-24 10:08 | dalsasua | Tag Attached: closingMay2011 | |
| 2011-05-24 10:56 | dalsasua | Status | resolved => closed |
| 2013-06-12 08:26 | alostale | Relationship added | related to 0024005 |
|
Notes |
|
|
|
|
|
|
(0034110)
|
|
hgbot
|
|
2011-02-09 17:32
|
|
Repository: erp/devel/pi
Changeset: 3cc3d1a740b29ae39c0eadb9e2f498124c980514
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Wed Feb 09 17:32:12 2011 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/3cc3d1a740b29ae39c0eadb9e2f498124c980514 [^]
fixed issue 15874: Permissions to processes are not respected
---
M src-db/database/sourcedata/AD_REF_LIST.xml
M src-wad/src/org/openbravo/wad/javasource.javaxml
---
|
|
|
|
(0034120)
|
|
hgbot
|
|
2011-02-10 09:27
|
|
|
|
|
(0034121)
|
|
hgbot
|
|
2011-02-10 09:27
|
|
|