Openbravo Issue Tracking System - Openbravo ERP |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0032728 | Openbravo ERP | C. Security | public | 2016-04-20 13:50 | 2016-06-17 19:37 |
|
| Reporter | inigosanchez | |
| Assigned To | inigosanchez | |
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | |
| Platform | | OS | 5 | OS Version | |
| Product Version | | |
| Target Version | 3.0PR16Q3 | Fixed in Version | 3.0PR16Q3 | |
| Merge Request Status | |
| Review Assigned To | alostale |
| OBNetwork customer | |
| Web browser | |
| Modules | Core |
| Support ticket | |
| Regression level | |
| Regression date | |
| Regression introduced in release | |
| Regression introduced by commit | |
| Triggers an Emergency Pack | No |
|
| Summary | 0032728: Standard datasources should check entity access. |
| Description | Standard datasources should check entity access. |
| Steps To Reproduce | - |
| Proposed Solution | * Allows implement entity access check.
* This mechanism should be overwritable so specific cases can implement their own security mechanisms.
* Define a property for backwards compatibility to allow them |
| Additional Information | |
| Tags | No tags attached. |
| Relationships | | related to | defect | 0032753 | 3.0PR16Q3 | closed | inigosanchez | Openbravo ERP | API change because weld injection is being used in BaseDataSourceService | | related to | defect | 0032820 | | closed | inigosanchez | Openbravo ERP | Cleanup unused TestInitializeAccess test | | related to | defect | 0032819 | | closed | inigosanchez | Openbravo ERP | An error is thrown when a Query List Widget is fetched. | | related to | defect | 0032730 | 3.0PR16Q3 | closed | inigosanchez | Openbravo ERP | API change because some methods have been added. | | related to | defect | 0032178 | | closed | inigosanchez | Openbravo ERP | AccessTableNoView error is thrown when it shouldnt be thrown. | | related to | defect | 0033866 | | closed | jorge-garcia | Retail Modules | [Mobile Warehouse Operations] Mobile Warehouse Operations 1.0.10 should depend on Mobile Core Infrastructure 3.0RR16Q3 | | related to | defect | 0034499 | | closed | caristu | Openbravo ERP | [clustering] CachedPreference feature is not supported on clustered environments | | related to | defect | 0034823 | | closed | inigosanchez | Openbravo ERP | Can't add lines in Requisition with role F&B EspaƱa, S.A - Employee | | related to | defect | 0037200 | | acknowledged | Triage Platform Base | Openbravo ERP | Entity Check is not done for the datasource calls of the foreign key filters in tree view | | causes | defect | 0032795 | 3.0PR16Q3 | closed | inigosanchez | Openbravo ERP | G/L Item combo appears empty in Add Payment process definition | | causes | defect | 0032833 | | closed | inigosanchez | Openbravo ERP | Tree view is not working properly | | causes | defect | 0033194 | 3.0PR16Q3 | closed | alostale | Openbravo ERP | Access not granted to Multi Selector Entity |
|
| Attached Files | |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2016-04-20 13:50 | inigosanchez | New Issue | |
| 2016-04-20 13:50 | inigosanchez | Assigned To | => inigosanchez |
| 2016-04-20 13:50 | inigosanchez | Modules | => Core |
| 2016-04-20 13:50 | inigosanchez | Triggers an Emergency Pack | => No |
| 2016-04-20 13:50 | inigosanchez | Status | new => scheduled |
| 2016-04-20 14:52 | inigosanchez | Relationship added | related to 0032730 |
| 2016-04-21 13:36 | inigosanchez | Relationship added | related to 0032753 |
| 2016-04-22 12:26 | hgbot | Checkin | |
| 2016-04-22 12:26 | hgbot | Note Added: 0085885 | |
| 2016-04-22 12:27 | hgbot | Checkin | |
| 2016-04-22 12:27 | hgbot | Note Added: 0085886 | |
| 2016-04-22 12:27 | hgbot | Checkin | |
| 2016-04-22 12:27 | hgbot | Note Added: 0085887 | |
| 2016-04-22 17:29 | hgbot | Checkin | |
| 2016-04-22 17:29 | hgbot | Note Added: 0085910 | |
| 2016-04-22 17:29 | hgbot | Checkin | |
| 2016-04-22 17:29 | hgbot | Note Added: 0085911 | |
| 2016-04-22 17:30 | hgbot | Checkin | |
| 2016-04-22 17:30 | hgbot | Note Added: 0085912 | |
| 2016-04-25 09:32 | hgbot | Checkin | |
| 2016-04-25 09:32 | hgbot | Note Added: 0085939 | |
| 2016-04-25 09:43 | hgbot | Checkin | |
| 2016-04-25 09:43 | hgbot | Note Added: 0085942 | |
| 2016-04-25 09:43 | hgbot | Status | scheduled => resolved |
| 2016-04-25 09:43 | hgbot | Resolution | open => fixed |
| 2016-04-25 09:43 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/daf66237fa614b8fd8e72b08b17bcd893ed5e264 [^] |
| 2016-04-25 09:44 | hgbot | Checkin | |
| 2016-04-25 09:44 | hgbot | Note Added: 0085943 | |
| 2016-04-25 09:44 | hgbot | Checkin | |
| 2016-04-25 09:44 | hgbot | Note Added: 0085944 | |
| 2016-04-25 09:45 | hgbot | Checkin | |
| 2016-04-25 09:45 | hgbot | Note Added: 0085945 | |
| 2016-04-25 09:45 | hgbot | Checkin | |
| 2016-04-25 09:45 | hgbot | Note Added: 0085946 | |
| 2016-04-25 09:46 | hgbot | Checkin | |
| 2016-04-25 09:46 | hgbot | Note Added: 0085947 | |
| 2016-04-25 09:47 | hgbot | Checkin | |
| 2016-04-25 09:47 | hgbot | Note Added: 0085948 | |
| 2016-04-25 09:51 | inigosanchez | Review Assigned To | => alostale |
| 2016-04-25 10:26 | hgbot | Checkin | |
| 2016-04-25 10:26 | hgbot | Note Added: 0085952 | |
| 2016-04-25 13:59 | hgbot | Checkin | |
| 2016-04-25 13:59 | hgbot | Note Added: 0085960 | |
| 2016-04-27 10:40 | alostale | Relationship added | causes 0032795 |
| 2016-04-29 14:11 | alostale | Note Added: 0086082 | |
| 2016-04-29 14:11 | alostale | Status | resolved => closed |
| 2016-04-29 14:11 | alostale | Fixed in Version | => 3.0PR16Q3 |
| 2016-05-01 23:28 | inigosanchez | Relationship added | related to 0032820 |
| 2016-05-01 23:29 | inigosanchez | Relationship added | related to 0032819 |
| 2016-05-03 10:02 | alostale | Relationship added | causes 0032833 |
| 2016-05-09 08:26 | inigosanchez | Relationship added | related to 0032178 |
| 2016-06-09 10:17 | alostale | Relationship added | related to 0033194 |
| 2016-06-09 10:25 | alostale | Relationship replaced | causes 0033194 |
| 2016-06-17 19:37 | hudsonbot | Checkin | |
| 2016-06-17 19:37 | hudsonbot | Note Added: 0087489 | |
| 2016-08-31 14:19 | ngarcia | Relationship added | related to 0033866 |
| 2016-11-14 17:10 | caristu | Relationship added | related to 0034499 |
| 2016-12-29 15:13 | inigosanchez | Relationship added | related to 0034823 |
| 2017-10-31 13:46 | caristu | Relationship added | related to 0037200 |
|
Notes |
|
|
(0085885)
|
|
hgbot
|
|
2016-04-22 12:26
|
|
Repository: erp/pmods/org.openbravo.mobile.warehouse.physicalinventory
Changeset: 2c01d09d4265de62e04f80c1f0e92ebee71dba0a
Author: Inigo Sanchez <inigo.sanchez <at> openbravo.com>
Date: Thu Apr 21 13:03:54 2016 +0200
URL: http://code.openbravo.com/erp/pmods/org.openbravo.mobile.warehouse.physicalinventory/rev/2c01d09d4265de62e04f80c1f0e92ebee71dba0a [^]
Related with issue 32728: Some mobile services have been removed.
It have been updated some mobile services because now it is used
'org.openbravo.service.datasource/1626FF659E0A40DAA220C00141D5BD71'
mobile service (new mobile service) to manage new check entity access.
---
M src-db/database/sourcedata/OBMOBC_SERVICES.xml
---
|
|
|
|
(0085886)
|
|
hgbot
|
|
2016-04-22 12:27
|
|
Repository: erp/pmods/org.openbravo.mobile.warehouse.picking
Changeset: 77fc452aaf453cbba92106eb14afb9a0850c8087
Author: Inigo Sanchez <inigo.sanchez <at> openbravo.com>
Date: Thu Apr 21 13:02:03 2016 +0200
URL: http://code.openbravo.com/erp/pmods/org.openbravo.mobile.warehouse.picking/rev/77fc452aaf453cbba92106eb14afb9a0850c8087 [^]
Related with issue 32728: Some mobile services have been updated.
It have been updated some mobile services because now it is used
'org.openbravo.service.datasource/1626FF659E0A40DAA220C00141D5BD71'
mobile service (new mobile service) to manage new check entity access.
---
M src-db/database/sourcedata/OBMOBC_SERVICES.xml
---
|
|
|
|
(0085887)
|
|
hgbot
|
|
2016-04-22 12:27
|
|
Repository: erp/pmods/org.openbravo.mobile.warehouse
Changeset: b6a9dc0b446829963b4c11e07d23d7817be54e8e
Author: Inigo Sanchez <inigo.sanchez <at> openbravo.com>
Date: Thu Apr 21 13:00:26 2016 +0200
URL: http://code.openbravo.com/erp/pmods/org.openbravo.mobile.warehouse/rev/b6a9dc0b446829963b4c11e07d23d7817be54e8e [^]
Related with issue 32728: Some mobile services have been updated.
It have been updated some mobile services because now it is used
'org.openbravo.service.datasource/1626FF659E0A40DAA220C00141D5BD71'
mobile service (new mobile service) to manage new check entity access.
Besides 'WarehouseMovementBinDatasource' extends from 'MobileDataSourceService'
to take into account check entity access in standard DS invoked from mobile.
---
M src-db/database/sourcedata/OBMOBC_SERVICES.xml
M src/org/openbravo/mobile/warehouse/datasource/WarehouseMovementBinDatasource.java
---
|
|
|
|
(0085910)
|
|
hgbot
|
|
2016-04-22 17:29
|
|
Repository: erp/pmods/org.openbravo.mobile.warehouse
Changeset: 1581f18e0b49f430e7804b21841a7b4f9f0ae152
Author: Inigo Sanchez <inigo.sanchez <at> openbravo.com>
Date: Fri Apr 22 17:28:43 2016 +0200
URL: http://code.openbravo.com/erp/pmods/org.openbravo.mobile.warehouse/rev/1581f18e0b49f430e7804b21841a7b4f9f0ae152 [^]
Related with issue 32728: Backout changeset b6a9dc0b4468
Backed out changeset b6a9dc0b4468 because retail integration fails.
---
M src-db/database/sourcedata/OBMOBC_SERVICES.xml
M src/org/openbravo/mobile/warehouse/datasource/WarehouseMovementBinDatasource.java
---
|
|
|
|
(0085911)
|
|
hgbot
|
|
2016-04-22 17:29
|
|
|
|
|
(0085912)
|
|
hgbot
|
|
2016-04-22 17:30
|
|
|
|
|
(0085939)
|
|
hgbot
|
|
2016-04-25 09:32
|
|
|
|
|
(0085942)
|
|
hgbot
|
|
2016-04-25 09:43
|
|
Repository: erp/devel/pi
Changeset: daf66237fa614b8fd8e72b08b17bcd893ed5e264
Author: Inigo Sanchez <inigo.sanchez <at> openbravo.com>
Date: Fri Apr 22 10:01:49 2016 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/daf66237fa614b8fd8e72b08b17bcd893ed5e264 [^]
Fixed issue 32728: Standard datasources should check entity access.
---
M .settings/org.eclipse.jdt.core.prefs
M modules/org.openbravo.client.application/src/org/openbravo/client/application/ADAlertDatasourceService.java
M modules/org.openbravo.client.application/src/org/openbravo/client/application/CachedPreference.java
M modules/org.openbravo.client.querylist/src/org/openbravo/client/querylist/QueryListDataSource.java
M modules/org.openbravo.service.datasource/src-db/database/sourcedata/AD_REF_LIST.xml
M modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java
M modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/ComboTableDatasourceService.java
M modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DataSourceConstants.java
M modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DataSourceService.java
M modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DataSourceServlet.java
M modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DefaultDataSourceService.java
M modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/HQLDataSourceService.java
M modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/NoteDataSource.java
M modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/TreeDatasourceService.java
M modules/org.openbravo.userinterface.selector/src/org/openbravo/userinterface/selector/CustomQuerySelectorDatasource.java
M modules/org.openbravo.userinterface.selector/src/org/openbravo/userinterface/selector/SelectorFieldPropertyDataSource.java
M src-test/src/org/openbravo/test/AllWebserviceTests.java
M src-test/src/org/openbravo/test/datasource/DataSourceWhereParameter.java
M src-test/src/org/openbravo/test/datasource/ProductSelectorDataSourceTest.java
M src-test/src/org/openbravo/test/datasource/TestAllowUnpagedDatasourcePreference.java
M src-test/src/org/openbravo/test/datasource/TestComboDatasource.java
M src-test/src/org/openbravo/test/security/ExplicitCrossOrganizationReference.java
M src/org/openbravo/base/model/ModelProvider.java
M src/org/openbravo/common/datasource/StockReservationPickAndEditDataSource.java
M src/org/openbravo/dal/security/EntityAccessChecker.java
M src/org/openbravo/materialmgmt/ManageVariantsDS.java
M src/org/openbravo/materialmgmt/ProductCharacteristicsDS.java
A src-test/src/org/openbravo/test/datasource/DataSourceSecurity.java
A src-test/src/org/openbravo/test/datasource/TestInitializeAccess.java
---
|
|
|
|
(0085943)
|
|
hgbot
|
|
2016-04-25 09:44
|
|
Repository: erp/pmods/org.openbravo.mobile.core
Changeset: 2eeffcabe702aef1acb9e7a965936d9b722f2396
Author: Inigo Sanchez <inigo.sanchez <at> openbravo.com>
Date: Wed Apr 20 14:28:17 2016 +0200
URL: http://code.openbravo.com/erp/pmods/org.openbravo.mobile.core/rev/2eeffcabe702aef1acb9e7a965936d9b722f2396 [^]
Related with issue 32728: MobileDataSourceService datasource has been created.
MobileDataSourceService has been created. Security methods of MobileDataSourceService
are temporarily disabled until this security will be implemented in mobile part. Besides,
It have been created two new mobile services:
* From one side a new mobile service called 'org.openbravo.service.datasource'.
This service name uses 'contains' to match it with the requests from the client.
So a service name of 'org.openbravo.service.datasource' will handle all the
client side requests with 'org.openbravo.service.datasource' in the requested
URL. For this reason,mobile services that are previously deleted it can be
manage properly.
* On the other hand, It have been created new mobile service called
'org.openbravo.mobile.core.datasource/MobileDataSourceService' to allows used this
new DS in mobile.
---
M src-db/database/sourcedata/OBMOBC_SERVICES.xml
M web/org.openbravo.mobile.core/source/data/ob-model.js
A src-db/database/sourcedata/OBSERDS_DATASOURCE.xml
A src/org/openbravo/mobile/core/datasource/MobileDataSourceService.java
---
|
|
|
|
(0085944)
|
|
hgbot
|
|
2016-04-25 09:44
|
|
Repository: erp/pmods/org.openbravo.mobile.core
Changeset: 7c26697c6f6e28bdefc323eff51341c2c6653d99
Author: Inigo Sanchez <inigo.sanchez <at> openbravo.com>
Date: Thu Apr 21 13:11:26 2016 +0200
URL: http://code.openbravo.com/erp/pmods/org.openbravo.mobile.core/rev/7c26697c6f6e28bdefc323eff51341c2c6653d99 [^]
Related with issue 32728: MobileDataSourceService datasource has been improved.
MobileDataSourceService has been updated. It have been added fetch, add, remove
and update methods. Besides, It have been updated two mobile services:
* From one side a new mobile service called 'org.openbravo.service.datasource' has
been removed.
* On the other hand, It have been updated mobile service called
'org.openbravo.mobile.core.datasource/MobileDataSourceService' to
'org.openbravo.service.datasource/1626FF659E0A40DAA220C00141D5BD71' because
this service name should be an url.
---
M src-db/database/sourcedata/OBMOBC_SERVICES.xml
M src/org/openbravo/mobile/core/datasource/MobileDataSourceService.java
---
|
|
|
|
(0085945)
|
|
hgbot
|
|
2016-04-25 09:45
|
|
Repository: erp/pmods/org.openbravo.mobile.warehouse.picking
Changeset: 80d240cb7798a54664c5c2acaa43191d1f67f086
Author: Inigo Sanchez <inigo.sanchez <at> openbravo.com>
Date: Thu Apr 21 13:02:03 2016 +0200
URL: http://code.openbravo.com/erp/pmods/org.openbravo.mobile.warehouse.picking/rev/80d240cb7798a54664c5c2acaa43191d1f67f086 [^]
Related with issue 32728: Some mobile services have been updated.
It have been updated some mobile services because now it is used
'org.openbravo.service.datasource/1626FF659E0A40DAA220C00141D5BD71'
mobile service (new mobile service) to manage new check entity access.
---
M src-db/database/sourcedata/OBMOBC_SERVICES.xml
---
|
|
|
|
(0085946)
|
|
hgbot
|
|
2016-04-25 09:45
|
|
Repository: erp/pmods/org.openbravo.mobile.warehouse
Changeset: a2e2b97cec2904ccaff050c81bc48c19c33ae7d4
Author: Inigo Sanchez <inigo.sanchez <at> openbravo.com>
Date: Thu Apr 21 13:00:26 2016 +0200
URL: http://code.openbravo.com/erp/pmods/org.openbravo.mobile.warehouse/rev/a2e2b97cec2904ccaff050c81bc48c19c33ae7d4 [^]
Related with issue 32728: Some mobile services have been updated.
It have been updated some mobile services because now it is used
'org.openbravo.service.datasource/1626FF659E0A40DAA220C00141D5BD71'
mobile service (new mobile service) to manage new check entity access.
Besides 'WarehouseMovementBinDatasource' extends from 'MobileDataSourceService'
to take into account check entity access in standard DS invoked from mobile.
---
M src-db/database/sourcedata/OBMOBC_SERVICES.xml
M src/org/openbravo/mobile/warehouse/datasource/WarehouseMovementBinDatasource.java
---
|
|
|
|
(0085947)
|
|
hgbot
|
|
2016-04-25 09:46
|
|
Repository: erp/pmods/org.openbravo.mobile.warehouse.physicalinventory
Changeset: ef87d185055f3cd20275a746ea82c873ba3b091b
Author: Inigo Sanchez <inigo.sanchez <at> openbravo.com>
Date: Thu Apr 21 13:03:54 2016 +0200
URL: http://code.openbravo.com/erp/pmods/org.openbravo.mobile.warehouse.physicalinventory/rev/ef87d185055f3cd20275a746ea82c873ba3b091b [^]
Related with issue 32728: Some mobile services have been updated.
It have been updated some mobile services because now it is used
'org.openbravo.service.datasource/1626FF659E0A40DAA220C00141D5BD71'
mobile service (new mobile service) to manage new check entity access.
---
M src-db/database/sourcedata/OBMOBC_SERVICES.xml
---
|
|
|
|
(0085948)
|
|
hgbot
|
|
2016-04-25 09:47
|
|
Repository: erp/pmods/org.openbravo.module.resources
Changeset: 0df0e74fec7ca9375d979f10f9dbbc905086fec8
Author: Inigo Sanchez <inigo.sanchez <at> openbravo.com>
Date: Thu Apr 21 14:15:33 2016 +0200
URL: http://code.openbravo.com/erp/pmods/org.openbravo.module.resources/rev/0df0e74fec7ca9375d979f10f9dbbc905086fec8 [^]
Related with issue 32728: ResourcesCalendarDataSource has been updated.
ResourcesCalendarDataSource datasource has been updated to take into account new
security methods.
---
M src/org/openbravo/module/resources/calendar/ResourcesCalendarDataSource.java
---
|
|
|
|
(0085952)
|
|
hgbot
|
|
2016-04-25 10:26
|
|
|
|
|
(0085960)
|
|
hgbot
|
|
2016-04-25 13:59
|
|
|
|
|
|
|
code reviewed and tested as part of the project |
|
|
|
|
|