Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
0032354Openbravo ERPA. Platformpublic2016-02-26 08:532016-03-17 10:56
0032354: field edit access doesn't allow to save if tab contains audit fields in its AD definition
If a role has editable access to some fields in a tab that includes updated/updated by fields and in the editable permissions these fields are not included, when trying to edited any of the granted fields, an error message is seen and the operation is rolled back.

Though these fields are not required to be included in the tab because they are always automatically included, it is not prevented and, in fact, there are some windows tabs that include them [1].

Checking those fields if any other is editable, has no sense because they are always updated in any edition.

[1] There are 25 tabs in this situation:
  select window_name, tab_name
  from ad_column c, ad_field f, ad_tab t, ad_window w
  where (columnname ilike 'created' or columnname ilike 'updated')
  and f.ad_column_id = c.ad_column_id
  and f.isactive='Y'
  and t.ad_tab_id = f.ad_tab_id
  and t.isactive='Y'
  and t.ad_window_id = w.ad_window_id
  and w.isactive='Y'
  order by 1,2
1. Login as Group Admin
2. Create a Role with
   - User Level: Client+Org
   - Org Access: España Región Sur
   - User Assignment: Openbravo
   - Window Access:
     - Window: Sales Invoice
     - Editable: No
   - Tab Access
     - Tab: Header
     - Editable: No
   - Field Access
     - Field: Description
     - Editable: Yes
3. Login with that role
4. Open Sales invoice and select any invoice in España Sur organization
5. Try to edit description field
   -> ERROR: Saving failed. Simple Role does not have access to the field Creation Date

Audit fields shouldn't be checked even they are not explicitly granted for edition.
No tags attached.
related to defect 0032292 closed caristu "OBSERDS_RoleHasNoFieldAccess" error thrown with specific role definition in Field tab 
Issue History
2016-02-26 08:53alostaleNew Issue
2016-02-26 08:53alostaleAssigned To => platform
2016-02-26 08:53alostaleModules => Core
2016-02-26 08:53alostaleTriggers an Emergency Pack => No
2016-02-26 08:54alostaleReview Assigned To => caristu
2016-02-26 08:54alostaleDescription Updatedbug_revision_view_page.php?rev_id=11258#r11258
2016-02-26 08:54alostaleRelationship addedrelated to 0032292
2016-02-26 08:54alostaleAssigned Toplatform => alostale
2016-02-26 08:59hgbotCheckin
2016-02-26 08:59hgbotNote Added: 0084538
2016-02-26 08:59hgbotStatusnew => resolved
2016-02-26 08:59hgbotResolutionopen => fixed
2016-02-26 08:59hgbotFixed in SCM revision => [^]
2016-02-26 12:58caristuNote Added: 0084563
2016-02-26 12:58caristuStatusresolved => closed
2016-02-26 12:58caristuFixed in Version => 3.0PR16Q2
2016-03-17 10:56hudsonbotCheckin
2016-03-17 10:56hudsonbotNote Added: 0085170

2016-02-26 08:59   
Repository: erp/devel/pi
Changeset: fd863146a4f43e4e7589a83979fb00425643209a
Author: Asier Lostalé <asier.lostale <at>>
Date: Fri Feb 26 08:57:54 2016 +0100
URL: [^]

fixed bug 32354: field edit access doesn't allow to save if tab contains audit

  For tabs that explicitly define their audit (updated/updated by) fields, roles
  with access to edit only some fields couldn't save unless in those fields audit
  were also included.

  Now audit fields are not checked for this validation as they are always updated
  on any allowed modification.

M modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/
2016-02-26 12:58   
Code review + tested OK
2016-03-17 10:56   
A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: [^]
Maturity status: Test