Openbravo Issue Tracking System - Openbravo ERP |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0024858 | Openbravo ERP | A. Platform | public | 2013-10-01 11:59 | 2014-02-12 18:28 |
|
| Reporter | caristu | |
| Assigned To | dbaz | |
| Priority | high | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | fixed | |
| Platform | | OS | 5 | OS Version | |
| Product Version | | |
| Target Version | 3.0PR14Q2 | Fixed in Version | 3.0PR14Q2 | |
| Merge Request Status | |
| Review Assigned To | alostale |
| OBNetwork customer | OBPS |
| Web browser | |
| Modules | Core |
| Support ticket | 23677 |
| Regression level | |
| Regression date | |
| Regression introduced in release | |
| Regression introduced by commit | |
| Triggers an Emergency Pack | No |
|
| Summary | 0024858: Restrict access to REST web services |
| Description | The Openbravo REST web services use the same access/authorizations as the standard Openbravo application, so if a role is able to access a to the information of a table, the entity associated to this table is accessible for this role through its corresponding REST webservice.
It would be nice to have a mechanism to allow us to restrict access just to the web service for a particular role and at the same time this role would be able access to the window. |
| Steps To Reproduce | . |
| Proposed Solution | |
| Additional Information | |
| Tags | No tags attached. |
| Relationships | | related to | defect | 0026566 | | closed | guillermogil | error is returned when a call to web service is done and the role used don't have permission to Role and User window |
|
| Attached Files |  wsRolSec.export (22,570) 2013-12-19 13:51
https://issues.openbravo.com/file_download.php?file_id=6580&type=bug |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2013-10-01 11:59 | caristu | New Issue | |
| 2013-10-01 11:59 | caristu | Assigned To | => AugustoMauch |
| 2013-10-01 11:59 | caristu | Modules | => Core |
| 2013-10-01 11:59 | caristu | OBNetwork customer | => Yes |
| 2013-10-01 11:59 | caristu | Support ticket | => 23677 |
| 2013-10-01 11:59 | caristu | Triggers an Emergency Pack | => No |
| 2013-12-18 18:00 | dbaz | Assigned To | AugustoMauch => dbaz |
| 2013-12-18 18:01 | dbaz | Issue Monitored: alostale | |
| 2013-12-18 18:01 | dbaz | Review Assigned To | => alostale |
| 2013-12-18 18:02 | dbaz | Issue Monitored: dbaz | |
| 2013-12-18 18:02 | dbaz | File Added: wsRolSec.diff | |
| 2013-12-19 11:43 | dbaz | File Deleted: wsRolSec.diff | |
| 2013-12-19 11:43 | dbaz | File Added: wsRolSec.export | |
| 2013-12-19 13:51 | dbaz | File Deleted: wsRolSec.export | |
| 2013-12-19 13:51 | dbaz | File Added: wsRolSec.export | |
| 2014-01-20 08:24 | alostale | Target Version | => 3.0MP32 |
| 2014-01-20 14:51 | hgbot | Checkin | |
| 2014-01-20 14:51 | hgbot | Note Added: 0063538 | |
| 2014-01-20 14:51 | hgbot | Status | new => resolved |
| 2014-01-20 14:51 | hgbot | Resolution | open => fixed |
| 2014-01-20 14:51 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/267df0f85b0e2084cbe4f0555be9552615ec17f0 [^] |
| 2014-01-28 08:06 | alostale | Note Added: 0063734 | |
| 2014-01-28 08:06 | alostale | Status | resolved => closed |
| 2014-01-28 08:06 | alostale | Fixed in Version | => 3.0MP32 |
| 2014-02-12 18:28 | hudsonbot | Checkin | |
| 2014-02-12 18:28 | hudsonbot | Note Added: 0064092 | |
| 2014-05-16 12:30 | guillermogil | Relationship added | related to 0026566 |