Openbravo Issue Tracking System - Openbravo ERP |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0030735 | Openbravo ERP | 02. Master data management | public | 2015-09-02 10:50 | 2015-09-11 06:33 |
|
| Reporter | malsasua | |
| Assigned To | AtulOpenbravo | |
| Priority | normal | Severity | major | Reproducibility | always |
| Status | closed | Resolution | fixed | |
| Platform | | OS | 20 | OS Version | Community Appliance |
| Product Version | 3.0PR15Q3 | |
| Target Version | | Fixed in Version | | |
| Merge Request Status | |
| Review Assigned To | vmromanos |
| OBNetwork customer | |
| Web browser | |
| Modules | Core |
| Support ticket | |
| Regression level | |
| Regression date | |
| Regression introduced in release | |
| Regression introduced by commit | |
| Triggers an Emergency Pack | No |
|
| Summary | 0030735: All price lists are displayed without check the organization role |
| Description | in the window "product" tab pricelist, in some cases, all pricelists are displayed in the combo, although the role has not permission to all pricelist organizations |
| Steps To Reproduce | . create pricelist as attachment: pl1.png
. create pricelist as attachment: pl2.png
. create role as attachment: roleOrgAccess.png and roleUser.png
. login in the ERP using the role "regionNorte"
. go to window product -> tab pricelist
. open the pricelist combo:
all pricelist are displayed, but only should be displayed regionNorte - plv
|
| Proposed Solution | the problem is in the callout SL_ProductPrice_PriceListVersion, it is returned in the line 66 false, and it should return true:
https://code.openbravo.com/erp/devel/pi/file/5a14852fac16/src/org/openbravo/erpCommon/ad_callouts/SL_ProductPrice_PriceListVersion.java#l66 [^] |
| Additional Information | |
| Tags | No tags attached. |
| Relationships | | related to | defect | 0021821 | 3.0MP17 | closed | ioritzCia | Prices visible in product does not belong to role | | related to | defect | 0030797 | 3.0PR15Q4 | closed | alostale | Validation rule automatically adds wrong organization list to the where clause | | related to | defect | 0030926 | 3.0PR15Q4 | closed | vmromanos | Price list version defined for España organization not available when registering product for * organization |
|
| Attached Files |  pl1.png (112,491) 2015-09-02 10:54
https://issues.openbravo.com/file_download.php?file_id=8412&type=bug
pl2.png (107,724) 2015-09-02 10:54
https://issues.openbravo.com/file_download.php?file_id=8413&type=bug
roleOrgAccess.png (121,426) 2015-09-02 10:54
https://issues.openbravo.com/file_download.php?file_id=8414&type=bug
roleUser.png (122,574) 2015-09-02 10:54
https://issues.openbravo.com/file_download.php?file_id=8415&type=bug
|
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2015-09-02 10:50 | malsasua | New Issue | |
| 2015-09-02 10:50 | malsasua | Assigned To | => Triage Finance |
| 2015-09-02 10:50 | malsasua | Modules | => Core |
| 2015-09-02 10:50 | malsasua | Resolution time | => 1442700000 |
| 2015-09-02 10:50 | malsasua | Triggers an Emergency Pack | => No |
| 2015-09-02 10:54 | malsasua | File Added: pl1.png | |
| 2015-09-02 10:54 | malsasua | File Added: pl2.png | |
| 2015-09-02 10:54 | malsasua | File Added: roleOrgAccess.png | |
| 2015-09-02 10:54 | malsasua | File Added: roleUser.png | |
| 2015-09-04 10:22 | vmromanos | Relationship added | related to 0021821 |
| 2015-09-04 12:36 | vmromanos | Note Added: 0080107 | |
| 2015-09-04 12:37 | vmromanos | Note Edited: 0080107 | bug_revision_view_page.php?bugnote_id=0080107#r9357 |
| 2015-09-07 09:14 | AtulOpenbravo | Assigned To | Triage Finance => AtulOpenbravo |
| 2015-09-07 09:14 | AtulOpenbravo | Status | new => scheduled |
| 2015-09-08 08:52 | AtulOpenbravo | Note Added: 0080236 | |
| 2015-09-08 11:42 | vmromanos | Note Edited: 0080107 | bug_revision_view_page.php?bugnote_id=0080107#r9379 |
| 2015-09-08 12:32 | vmromanos | Note Added: 0080243 | |
| 2015-09-08 13:52 | vmromanos | Note Edited: 0080243 | bug_revision_view_page.php?bugnote_id=0080243#r9390 |
| 2015-09-08 16:52 | vmromanos | Relationship added | related to 0030797 |
| 2015-09-08 16:56 | vmromanos | Note Edited: 0080243 | bug_revision_view_page.php?bugnote_id=0080243#r9393 |
| 2015-09-09 11:20 | hgbot | Checkin | |
| 2015-09-09 11:20 | hgbot | Note Added: 0080273 | |
| 2015-09-09 11:20 | hgbot | Status | scheduled => resolved |
| 2015-09-09 11:20 | hgbot | Resolution | open => fixed |
| 2015-09-09 11:20 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/33b4685cb8aee0a367b42741ecaf207c5b602597 [^] |
| 2015-09-09 11:20 | hgbot | Checkin | |
| 2015-09-09 11:20 | hgbot | Note Added: 0080274 | |
| 2015-09-09 11:20 | hgbot | Fixed in SCM revision | http://code.openbravo.com/erp/devel/pi/rev/33b4685cb8aee0a367b42741ecaf207c5b602597 [^] => http://code.openbravo.com/erp/devel/pi/rev/7d592e7f797fadd672708877241eda75ec953cdf [^] |
| 2015-09-09 11:21 | vmromanos | Review Assigned To | => vmromanos |
| 2015-09-09 11:21 | vmromanos | Note Added: 0080275 | |
| 2015-09-09 11:21 | vmromanos | Status | resolved => closed |
| 2015-09-09 23:11 | hudsonbot | Checkin | |
| 2015-09-09 23:11 | hudsonbot | Note Added: 0080298 | |
| 2015-09-09 23:11 | hudsonbot | Checkin | |
| 2015-09-09 23:11 | hudsonbot | Note Added: 0080299 | |
| 2015-09-10 09:51 | vmromanos | Note Edited: 0080107 | bug_revision_view_page.php?bugnote_id=0080107#r9412 |
| 2015-09-10 10:02 | vmromanos | Note Added: 0080310 | |
| 2015-09-10 10:02 | vmromanos | Status | closed => new |
| 2015-09-10 10:02 | vmromanos | Resolution | fixed => open |
| 2015-09-10 11:43 | hgbot | Checkin | |
| 2015-09-10 11:43 | hgbot | Note Added: 0080313 | |
| 2015-09-10 11:43 | hgbot | Status | new => resolved |
| 2015-09-10 11:43 | hgbot | Resolution | open => fixed |
| 2015-09-10 11:43 | hgbot | Fixed in SCM revision | http://code.openbravo.com/erp/devel/pi/rev/7d592e7f797fadd672708877241eda75ec953cdf [^] => http://code.openbravo.com/erp/devel/pi/rev/13211c4cc0a0029cb8643259cfbe3bd1e2ed215b [^] |
| 2015-09-10 11:44 | vmromanos | Status | resolved => closed |
| 2015-09-11 06:33 | hudsonbot | Checkin | |
| 2015-09-11 06:33 | hudsonbot | Note Added: 0080324 | |
| 2015-09-25 08:50 | vmromanos | Relationship added | related to 0030926 |
|
Notes |
|
|
(0080107)
|
|
vmromanos
|
2015-09-04 12:36
(edited on: 2015-09-10 09:51) |
|
Proposed solution:
1. Implement a validation rule in the M_PriceList_Version_ID column to see the records belonging the authorized orgs depending on the context role. (You can take as an example 'AD_Org of logged Role' validation rule)
Please verify that this new validation rule works fine for all the fields (in different windows) linked to this column.
2. Set this callout as deprecated (we don't delete it to avoid an API change)
|
|
|
|
|
Test Plan
- Login as F&B International Group Admin.
- Create pricelist as attachment: pl1.png
- Create pricelist as attachment: pl2.png
- Create role as attachment: roleOrgAccess.png and roleUser.png
- Logout and login using the role "regionNorte"
- Go to window product -> tab pricelist
- Open the pricelist selector list, check that not all pricelist are displayed, but only displayed is regionNorte - plv. |
|
|
|
(0080243)
|
|
vmromanos
|
2015-09-08 12:32
(edited on: 2015-09-08 16:56) |
|
Test plan II:
Create a role with access to Norte and Sur organizations similar to the previous one.
Go to Product | Price
Create a new record for Agua sin Gas 1L
Verify you can select either Norte or Sur price list versions created before
Please note that if the role is defined with User Level = "Organization", this scenario is not working fine. It will be automatically fixed with 0030797
|
|
|
|
(0080273)
|
|
hgbot
|
|
2015-09-09 11:20
|
|
Repository: erp/devel/pi
Changeset: 33b4685cb8aee0a367b42741ecaf207c5b602597
Author: Atul Gaware <atul.gaware <at> openbravo.com>
Date: Tue Sep 08 10:27:21 2015 +0530
URL: http://code.openbravo.com/erp/devel/pi/rev/33b4685cb8aee0a367b42741ecaf207c5b602597 [^]
Fixes Issue 30735:All price lists are displayed without organization role
access check.
Validation is provided to check the organization of price list being loaded
is accessible by Role of logged in user. SL_ProductPrice_PriceListVersion
is deprecated as is not required and also unlinked from the column.
---
M src-db/database/sourcedata/AD_COLUMN.xml
M src-db/database/sourcedata/AD_VAL_RULE.xml
M src/org/openbravo/erpCommon/ad_callouts/SL_ProductPrice_PriceListVersion.java
---
|
|
|
|
(0080274)
|
|
hgbot
|
|
2015-09-09 11:20
|
|
Repository: erp/devel/pi
Changeset: 7d592e7f797fadd672708877241eda75ec953cdf
Author: Víctor Martínez Romanos <victor.martinez <at> openbravo.com>
Date: Tue Sep 08 19:05:27 2015 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/7d592e7f797fadd672708877241eda75ec953cdf [^]
Fixed bug 30735: code review improvements
Rewritten validation rule to be generic, so we can use it for any record (not only Price List Versions).
In case the role's user level is Client or Client+Organization, the validation also displays PLV for * organization even in the case the * organization is not in the list of the Role's Organizations. This is the way it works for normal WAD windows (like Price List).
Removed code related to user level = System, as this is not used by the finance flows
---
M src-db/database/sourcedata/AD_VAL_RULE.xml
---
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Reopened:
The callout might have sense in same scenarios with complex organization setup. It ensures the organization of the new Product Price is the same as the Price List Version if the role has write access to it.
Besides we will fix the following line as the indexOf() may return 0 when the record is found:
hasAccessTo = role.getOrganizationList().indexOf(plv.getOrganization().getId()) > 0; |
|
|
|
(0080313)
|
|
hgbot
|
|
2015-09-10 11:43
|
|
Repository: erp/devel/pi
Changeset: 13211c4cc0a0029cb8643259cfbe3bd1e2ed215b
Author: Víctor Martínez Romanos <victor.martinez <at> openbravo.com>
Date: Thu Sep 10 11:39:20 2015 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/13211c4cc0a0029cb8643259cfbe3bd1e2ed215b [^]
Fixed bug 30735: SL_ProductPrice_PriceListVersion is back with improvements
The SL_ProductPrice_PriceListVersion callout has been associated again to the Price List Version column.
This callout sets the Product Price's Organization equal to the Price List Version's Organization only in the case the current role has write access to the PLV's Organization.
Besides, this callout has been improved:
+ Run in admin mode
+ The validation to know whether it was a valid organization was wrong, because the indexOf() may also return 0 when a record is found. Besides using indexOf() to run this validation could be wrong when the Price List version is defined for * organization (since any of the organization's UUID in the role might contain a 0).
So this validation has been completely rewritten using StringTokenizer.
+ Finally, in case the role is defined for Client or Client+Organization user level, we force to include * in the list of valid organizations.
---
M src-db/database/sourcedata/AD_COLUMN.xml
M src/org/openbravo/erpCommon/ad_callouts/SL_ProductPrice_PriceListVersion.java
---
|
|
|
|
|
|