Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0032354Openbravo ERPA. Platformpublic2016-02-26 08:532016-03-17 10:56
Reporteralostale 
Assigned Toalostale 
PrioritynormalSeverityminorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Version 
Target VersionFixed in Version3.0PR16Q2 
Merge Request Status
Review Assigned Tocaristu
OBNetwork customerNo
Web browser
ModulesCore
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0032354: field edit access doesn't allow to save if tab contains audit fields in its AD definition
DescriptionIf a role has editable access to some fields in a tab that includes updated/updated by fields and in the editable permissions these fields are not included, when trying to edited any of the granted fields, an error message is seen and the operation is rolled back.

Though these fields are not required to be included in the tab because they are always automatically included, it is not prevented and, in fact, there are some windows tabs that include them [1].

Checking those fields if any other is editable, has no sense because they are always updated in any edition.

---
[1] There are 25 tabs in this situation:
  select w.name window_name, t.name tab_name
  from ad_column c, ad_field f, ad_tab t, ad_window w
  where (columnname ilike 'created' or columnname ilike 'updated')
  and f.ad_column_id = c.ad_column_id
  and f.isactive='Y'
  and t.ad_tab_id = f.ad_tab_id
  and t.isactive='Y'
  and t.ad_window_id = w.ad_window_id
  and w.isactive='Y'
  order by 1,2
Steps To Reproduce1. Login as Group Admin
2. Create a Role with
   - User Level: Client+Org
   - Org Access: España Región Sur
   - User Assignment: Openbravo
   - Window Access:
     - Window: Sales Invoice
     - Editable: No
   - Tab Access
     - Tab: Header
     - Editable: No
   - Field Access
     - Field: Description
     - Editable: Yes
3. Login with that role
4. Open Sales invoice and select any invoice in España Sur organization
5. Try to edit description field
   -> ERROR: Saving failed. Simple Role does not have access to the field Creation Date

  
Proposed SolutionAudit fields shouldn't be checked even they are not explicitly granted for edition.
Additional Information
TagsNo tags attached.
Relationships
related to defect 0032292 closed caristu "OBSERDS_RoleHasNoFieldAccess" error thrown with specific role definition in Field tab 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2016-02-26 08:53alostaleNew Issue
2016-02-26 08:53alostaleAssigned To => platform
2016-02-26 08:53alostaleOBNetwork customer => No
2016-02-26 08:53alostaleModules => Core
2016-02-26 08:53alostaleTriggers an Emergency Pack => No
2016-02-26 08:54alostaleReview Assigned To => caristu
2016-02-26 08:54alostaleDescription Updatedbug_revision_view_page.php?rev_id=11258#r11258
2016-02-26 08:54alostaleRelationship addedrelated to 0032292
2016-02-26 08:54alostaleAssigned Toplatform => alostale
2016-02-26 08:59hgbotCheckin
2016-02-26 08:59hgbotNote Added: 0084538
2016-02-26 08:59hgbotStatusnew => resolved
2016-02-26 08:59hgbotResolutionopen => fixed
2016-02-26 08:59hgbotFixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/fd863146a4f43e4e7589a83979fb00425643209a [^]
2016-02-26 12:58caristuNote Added: 0084563
2016-02-26 12:58caristuStatusresolved => closed
2016-02-26 12:58caristuFixed in Version => 3.0PR16Q2
2016-03-17 10:56hudsonbotCheckin
2016-03-17 10:56hudsonbotNote Added: 0085170

Notes
(0084538)
hgbot   
2016-02-26 08:59   
Repository: erp/devel/pi
Changeset: fd863146a4f43e4e7589a83979fb00425643209a
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Fri Feb 26 08:57:54 2016 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/fd863146a4f43e4e7589a83979fb00425643209a [^]

fixed bug 32354: field edit access doesn't allow to save if tab contains audit

  For tabs that explicitly define their audit (updated/updated by) fields, roles
  with access to edit only some fields couldn't save unless in those fields audit
  were also included.

  Now audit fields are not checked for this validation as they are always updated
  on any allowed modification.

---
M modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DefaultDataSourceService.java
---
(0084563)
caristu   
2016-02-26 12:58   
Code review + tested OK
(0085170)
hudsonbot   
2016-03-17 10:56   
A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/b22fb0500156 [^]
Maturity status: Test