Openbravo Issue Tracking System - Retail Modules
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0033826Retail ModulesWeb POSpublic2016-08-26 15:302016-08-31 10:30
ReporterOrekaria 
Assigned ToRetail 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusnewResolutionopen 
PlatformOS5OS Version
Product Version 
Target VersionFixed in Version 
Merge Request Status
Review Assigned To
OBNetwork customer
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0033826: Approval is being approved even if user is not having access to approve Based on Priority Preference
DescriptionApproval is being approved even if user is not having access to approve Based on Priority Preference
Steps To ReproduceConfigure 2 approval preferences for Remove Receipt as stated in the attached image

Log into the WebPOS with "vallblanca" user
Create a receipt, add a product
Try to delete the receipt
Verify that the approval popup is shown (CORRECT)

Verify that if the user "vallblanca" credentials are provided in the pop up, the receipt is removed - INCORRECT
(user "vallblanca" has no access to delete lines based on the Priority Preference)
Proposed SolutionThe problem is that the preferences are sorted by priority but the information available to the server at the time of the check approval, is not enough to recreate the same priority order

Priority Preference from Preference.java
getHighestPriority(...) has to be considered in CheckApproval.java
and LoginUtilsServlet.java

Automation:
Create a test to verify this issue
Additional Information
TagsNo tags attached.
Relationships
Attached Filespng PreferenceConfig.png (19,391) 2016-08-30 15:16
https://issues.openbravo.com/file_download.php?file_id=9767&type=bug
png
Issue History
Date ModifiedUsernameFieldChange
2016-08-26 15:30OrekariaNew Issue
2016-08-26 15:30OrekariaAssigned To => Retail
2016-08-26 15:30OrekariaTriggers an Emergency Pack => No
2016-08-26 15:31OrekariaStatusnew => scheduled
2016-08-26 15:31OrekariaAssigned ToRetail => simbu94
2016-08-26 15:31OrekariaRelationship addedcaused by 0033568
2016-08-26 15:32OrekariaProposed Solution updated
2016-08-26 15:32OrekariaProposed Solution updated
2016-08-26 15:33OrekariaRegression introduced in release => pi
2016-08-26 15:33OrekariaRegression introduced by commit => https://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/e7540df082f6e24f0c18b5aaacedead195004f83 [^]
2016-08-29 13:21simbu94Relationship deletedcaused by 0033568
2016-08-29 13:21simbu94Regression introduced in releasepi =>
2016-08-29 13:21simbu94Regression introduced by commithttps://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/e7540df082f6e24f0c18b5aaacedead195004f83 [^] =>
2016-08-30 14:17OrekariaNote Added: 0089551
2016-08-30 14:20OrekariaFile Added: Screenshot from 2016-08-30 14:19:51.png
2016-08-30 14:20OrekariaSteps to Reproduce Updatedbug_revision_view_page.php?rev_id=12974#r12974
2016-08-30 14:22OrekariaAssigned Tosimbu94 => Retail
2016-08-30 14:22OrekariaStatusscheduled => feedback
2016-08-30 14:22OrekariaStatusfeedback => new
2016-08-30 14:24OrekariaSteps to Reproduce Updatedbug_revision_view_page.php?rev_id=12975#r12975
2016-08-30 15:06simbu94Note Edited: 0089551bug_revision_view_page.php?bugnote_id=0089551#r12977
2016-08-30 15:10simbu94File Deleted: Screenshot from 2016-08-30 14:19:51.png
2016-08-30 15:16simbu94File Added: PreferenceConfig.png
2016-08-30 15:26simbu94SummaryApproval is required for a user that already has it granted => Approval is being approved even if user is not having access to approve Based on Priority Preference
2016-08-30 15:26simbu94Description Updatedbug_revision_view_page.php?rev_id=12979#r12979
2016-08-30 15:26simbu94Steps to Reproduce Updatedbug_revision_view_page.php?rev_id=12980#r12980
2016-08-30 15:26simbu94Proposed Solution updated
2016-08-31 08:45simbu94Note Edited: 0089551bug_revision_view_page.php?bugnote_id=0089551#r12985
2016-08-31 10:30OrekariaProposed Solution updated

Notes
(0089551)
Orekaria   
2016-08-30 14:17   
(edited on: 2016-08-31 08:45)
When a user is logged in POS, Preferences are loaded based on Default Role from RolePreferences.java (getPreferenceValues(PreferenceKeys) method) class

Here the preferences are sorted by Preference Priority described below but the at the time of Approval in POS (CheckApproval.java) Preference Priority is not considered.

Also at the time of Loading default users who can approve is showing all user irrespective of Preference Priority (LoginUtilsServlet.java).


Priority Levels: (pref1, pref2 = Preference 1 , Preference 2)

1. Check Priority by Client (Visible at client)
    *Undefined client visibility is handled as SYSTEM.
    *If pref1 or pref2 either of them which doesn't set to SYSTEM CLIENT will be Considered.
    *If pref1 or pref2 both have visible at client set and both not set to SYSTEM CLIENT then it will check Next Priority Level.


2. Check Priority by Organization (Visible at Organization)
    *If pref1 or pref2 either of them has visible at organization set, Then it will be Considered.
    *if pref1 or pref2 both have visible at organization set then It will check the Depth of the in Organization Tree and Highest Organization will Preferences will be Considered.
    *If pref1 or pref2 both have same organization set then it will check Next Priority Level.


3. Check Priority by user (Visible at User)
    *if pref1 or pref2 either of them has Visible at User set, It will be considered.
    *if pref1 or pref2 both have set Visible at User then it will check Next Priority Level.


4. Check Priority by Role (Visible at Role)
    *same as Check priority by user.


5. Check Priority by Window (Visible at Window)
    *same as Check priority by user.


6. SAME PRIORITY
    * If all the above levels are same then it will check for column "selected" and will Consider it.