Openbravo Issue Tracking System - Openbravo ERP |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0034676 | Openbravo ERP | A. Platform | public | 2016-12-02 11:26 | 2017-05-29 17:43 |
|
| Reporter | JONHM | |
| Assigned To | AtulOpenbravo | |
| Priority | high | Severity | major | Reproducibility | always |
| Status | closed | Resolution | fixed | |
| Platform | | OS | 5 | OS Version | |
| Product Version | | |
| Target Version | | Fixed in Version | 3.0PR17Q3 | |
| Merge Request Status | |
| Review Assigned To | markmm82 |
| OBNetwork customer | |
| Web browser | |
| Modules | Core |
| Support ticket | |
| Regression level | |
| Regression date | |
| Regression introduced in release | |
| Regression introduced by commit | |
| Triggers an Emergency Pack | No |
|
| Summary | 0034676: It is possible to see prices for list prices for organizations that you don't have access to. |
| Description | When using the product selector it is possible to see the price of pricelist that belongs to an organization that the role used does not access to. |
| Steps To Reproduce | Using the F&B sample data.
1-Create a new role.
Org=*
Access level=Organization
Org access: REmove all the rows except: España REgion Sur
Window Access: Sales Order. Editable field=Y.
2-Crea a new user.
Org=*
User Roles: the previously created role.
3-Create a priceslit:
Organization: España Norte
Sales priceslit =Y
Create a priceslit version and create the product prices using on the base version "Tarifa de ventas".
3-Create a priceslit:
Organization: España Surt
Sales priceslit =Y
Create a priceslit version and create the product prices using on the base version "Tarifa de ventas".
4-Logout
5-Login with the new user.
6-Create a sales order. Organization = region sur.
7-Create a line. Open the product selector popup.
8-REmove the filters.
*See on the prices list version column that you see rows for norte prices list also.
|
| Proposed Solution | |
| Additional Information | |
| Tags | No tags attached. |
| Relationships | | depends on | feature request | 0035590 | 3.0PR17Q3 | closed | vmromanos | AD_IsOrgIncluded performance improvements | | related to | feature request | 0034928 | | new | Triage Platform Base | Advance Filterable in Defined Selector Field | | related to | defect | 0035013 | | closed | AtulOpenbravo | Performance issue in Product Selector when applying patch 37676 |
|
| Attached Files | |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2016-12-02 11:26 | JONHM | New Issue | |
| 2016-12-02 11:26 | JONHM | Assigned To | => platform |
| 2016-12-02 11:26 | JONHM | Modules | => Core |
| 2016-12-02 11:26 | JONHM | Resolution time | => 1481842800 |
| 2016-12-02 11:26 | JONHM | Triggers an Emergency Pack | => No |
| 2016-12-07 09:21 | alostale | Note Added: 0092156 | |
| 2016-12-07 09:21 | alostale | Status | new => closed |
| 2016-12-07 09:21 | alostale | Resolution | open => invalid |
| 2016-12-20 12:49 | egoitz | Resolution time | 1481842800 => 1482879600 |
| 2016-12-20 12:49 | egoitz | Assigned To | platform => Triage Finance |
| 2016-12-20 12:49 | egoitz | Status | closed => new |
| 2016-12-20 12:49 | egoitz | Summary | Defined Role has access to every organization's price lists => It is possible to see prices for list prices for organizations that you don't have access to. |
| 2016-12-20 12:49 | egoitz | Description Updated | bug_revision_view_page.php?rev_id=14082#r14082 |
| 2016-12-20 12:49 | egoitz | Steps to Reproduce Updated | bug_revision_view_page.php?rev_id=14084#r14084 |
| 2016-12-20 12:49 | egoitz | Issue Monitored: networkb | |
| 2016-12-20 12:50 | egoitz | Issue Monitored: maite | |
| 2016-12-20 12:52 | egoitz | Note Deleted: 0092156 | |
| 2016-12-20 12:56 | egoitz | Resolution time | 1482879600 => 1482793200 |
| 2016-12-20 16:00 | markmm82 | Assigned To | Triage Finance => AtulOpenbravo |
| 2016-12-20 17:17 | egoitz | Resolution | invalid => open |
| 2016-12-21 15:50 | markmm82 | Status | new => scheduled |
| 2017-01-04 18:15 | hgbot | Checkin | |
| 2017-01-04 18:15 | hgbot | Note Added: 0093198 | |
| 2017-01-04 18:15 | hgbot | Status | scheduled => resolved |
| 2017-01-04 18:15 | hgbot | Resolution | open => fixed |
| 2017-01-04 18:15 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/34c040a18ce0c1d1c72531210b38f8726fdd3aef [^] |
| 2017-01-04 18:15 | hgbot | Checkin | |
| 2017-01-04 18:15 | hgbot | Note Added: 0093199 | |
| 2017-01-04 18:20 | markmm82 | Review Assigned To | => markmm82 |
| 2017-01-04 18:20 | markmm82 | Note Added: 0093202 | |
| 2017-01-04 18:20 | markmm82 | Status | resolved => closed |
| 2017-01-04 18:20 | markmm82 | Fixed in Version | => 3.0PR17Q1 |
| 2017-01-05 08:39 | vmromanos | Note Added: 0093208 | |
| 2017-01-05 08:39 | vmromanos | Status | closed => new |
| 2017-01-05 08:39 | vmromanos | Resolution | fixed => open |
| 2017-01-05 08:39 | vmromanos | Fixed in Version | 3.0PR17Q1 => |
| 2017-01-05 14:42 | hgbot | Checkin | |
| 2017-01-05 14:42 | hgbot | Note Added: 0093230 | |
| 2017-01-12 14:30 | vmromanos | Relationship added | related to 0034928 |
| 2017-01-12 14:37 | vmromanos | Status | new => scheduled |
| 2017-01-12 14:37 | vmromanos | Note Added: 0093414 | |
| 2017-01-12 15:14 | hgbot | Checkin | |
| 2017-01-12 15:14 | hgbot | Note Added: 0093418 | |
| 2017-01-12 15:14 | hgbot | Status | scheduled => resolved |
| 2017-01-12 15:14 | hgbot | Resolution | open => fixed |
| 2017-01-12 15:14 | hgbot | Fixed in SCM revision | http://code.openbravo.com/erp/devel/pi/rev/34c040a18ce0c1d1c72531210b38f8726fdd3aef [^] => http://code.openbravo.com/erp/devel/pi/rev/0084ae9c0c18835ee16ede128b9cbe8eb5a072e7 [^] |
| 2017-01-12 15:14 | hgbot | Checkin | |
| 2017-01-12 15:14 | hgbot | Note Added: 0093419 | |
| 2017-01-12 15:17 | markmm82 | Note Added: 0093420 | |
| 2017-01-12 15:17 | markmm82 | Status | resolved => closed |
| 2017-01-12 15:17 | markmm82 | Fixed in Version | => 3.0PR17Q2 |
| 2017-01-19 17:40 | JONHM | Relationship added | related to 0035013 |
| 2017-03-15 20:18 | hudsonbot | Checkin | |
| 2017-03-15 20:18 | hudsonbot | Note Added: 0095063 | |
| 2017-03-15 20:18 | hudsonbot | Checkin | |
| 2017-03-15 20:18 | hudsonbot | Note Added: 0095064 | |
| 2017-03-15 20:18 | hudsonbot | Checkin | |
| 2017-03-15 20:18 | hudsonbot | Note Added: 0095068 | |
| 2017-03-15 20:18 | hudsonbot | Checkin | |
| 2017-03-15 20:18 | hudsonbot | Note Added: 0095089 | |
| 2017-03-15 20:18 | hudsonbot | Checkin | |
| 2017-03-15 20:18 | hudsonbot | Note Added: 0095090 | |
| 2017-03-21 14:44 | markmm82 | Resolution time | 1482793200 => |
| 2017-03-21 14:44 | markmm82 | Fixed in Version | 3.0PR17Q2 => |
| 2017-03-21 14:46 | markmm82 | Status | closed => new |
| 2017-03-21 14:46 | markmm82 | Resolution | fixed => open |
| 2017-03-21 14:55 | hgbot | Checkin | |
| 2017-03-21 14:55 | hgbot | Note Added: 0095472 | |
| 2017-03-22 01:01 | hudsonbot | Checkin | |
| 2017-03-22 01:01 | hudsonbot | Note Added: 0095493 | |
| 2017-03-22 01:01 | hudsonbot | Checkin | |
| 2017-03-22 01:01 | hudsonbot | Note Added: 0095494 | |
| 2017-03-22 10:32 | vmromanos | Relationship added | depends on 0035590 |
| 2017-03-27 13:29 | maite | Resolution time | => 1506808800 |
| 2017-03-27 13:31 | vmromanos | Note Added: 0095586 | |
| 2017-03-27 13:31 | vmromanos | Assigned To | AtulOpenbravo => vmromanos |
| 2017-03-27 13:31 | vmromanos | Status | new => acknowledged |
| 2017-03-31 10:18 | vmromanos | Status | acknowledged => scheduled |
| 2017-03-31 10:18 | vmromanos | Note Added: 0095750 | |
| 2017-03-31 10:18 | vmromanos | Assigned To | vmromanos => AtulOpenbravo |
| 2017-04-10 14:50 | hgbot | Checkin | |
| 2017-04-10 14:50 | hgbot | Note Added: 0095944 | |
| 2017-04-10 14:50 | hgbot | Status | scheduled => resolved |
| 2017-04-10 14:50 | hgbot | Resolution | open => fixed |
| 2017-04-10 14:50 | hgbot | Fixed in SCM revision | http://code.openbravo.com/erp/devel/pi/rev/0084ae9c0c18835ee16ede128b9cbe8eb5a072e7 [^] => http://code.openbravo.com/erp/devel/pi/rev/6026736637ce1ebf1a40e016962394aab4513ad5 [^] |
| 2017-04-10 14:51 | hgbot | Checkin | |
| 2017-04-10 14:51 | hgbot | Note Added: 0095945 | |
| 2017-04-10 14:55 | aferraz | Note Added: 0095947 | |
| 2017-04-10 14:55 | aferraz | Status | resolved => closed |
| 2017-04-10 14:55 | aferraz | Fixed in Version | => 3.0PR17Q3 |
| 2017-05-29 17:43 | hudsonbot | Checkin | |
| 2017-05-29 17:43 | hudsonbot | Note Added: 0096881 | |
| 2017-05-29 17:43 | hudsonbot | Checkin | |
| 2017-05-29 17:43 | hudsonbot | Note Added: 0096882 | |
|
Notes |
|
|
(0093198)
|
|
hgbot
|
|
2017-01-04 18:15
|
|
Repository: erp/devel/pi
Changeset: 34c040a18ce0c1d1c72531210b38f8726fdd3aef
Author: Atul Gaware <atul.gaware <at> openbravo.com>
Date: Thu Dec 22 22:54:41 2016 +0530
URL: http://code.openbravo.com/erp/devel/pi/rev/34c040a18ce0c1d1c72531210b38f8726fdd3aef [^]
Fixes Issue 34676:It is possible to see prices for list prices for
organizations that you don't have access to.
Problem is Organization property of Product Price in the Product Price By
Warehouse view is not checked whether it appears in Natural Tree of the
Current Logged in Organization.
---
M src-db/database/sourcedata/OBUISEL_SELECTOR.xml
---
|
|
|
|
(0093199)
|
|
hgbot
|
|
2017-01-04 18:15
|
|
|
|
|
|
|
|
|
|
Reopen because this solution might not properly resolve the issue.
Changesets must be reverted from PI |
|
|
|
(0093230)
|
|
hgbot
|
|
2017-01-05 14:42
|
|
|
|
|
|
|
Reported feature request 0034928. Meanwhile it's implemented, let's fix this issue with the "where clause" modification. |
|
|
|
(0093418)
|
|
hgbot
|
|
2017-01-12 15:14
|
|
Repository: erp/devel/pi
Changeset: 0084ae9c0c18835ee16ede128b9cbe8eb5a072e7
Author: Atul Gaware <atul.gaware <at> openbravo.com>
Date: Thu Dec 22 22:54:41 2016 +0530
URL: http://code.openbravo.com/erp/devel/pi/rev/0084ae9c0c18835ee16ede128b9cbe8eb5a072e7 [^]
Fixes Issue 34676:It is possible to see prices for list prices for
organizations that you don't have access to.
Problem is Organization property of Product Price in the Product Price By
Warehouse view is not checked whether it appears in Natural Tree of the
Current Logged in Organization.
---
M src-db/database/sourcedata/OBUISEL_SELECTOR.xml
---
|
|
|
|
(0093419)
|
|
hgbot
|
|
2017-01-12 15:14
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
(0095472)
|
|
hgbot
|
|
2017-03-21 14:55
|
|
Repository: erp/devel/pi
Changeset: 6a49dfd6cb00f251606f1fd2608b792ca97b0e9b
Author: Mark <markmm82 <at> gmail.com>
Date: Mon Mar 20 10:56:06 2017 -0400
URL: http://code.openbravo.com/erp/devel/pi/rev/6a49dfd6cb00f251606f1fd2608b792ca97b0e9b [^]
Related to issue 34676: Backed out changeset 0084ae9c0c18.
Reverts changes of issue 34676 that creates the performance problem
described in regression 35013. It allow to see other pricelists in the selector.
In 17Q3 version will be improved the AD_ISORGINCLUDED function and then this solution
will be evaluated again.
---
M src-db/database/sourcedata/OBUISEL_SELECTOR.xml
---
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Pending to be tested with AD_IsOrgIncluded performance refactor |
|
|
|
|
It is confirmed the fix is correct from a performance point of view, specially when applied with the AD_IsOrgIncluded performance refactor (0035590).
The issue is scheduled again and will be included in 3.0PR17Q3 when 0035590 is closed |
|
|
|
(0095944)
|
|
hgbot
|
|
2017-04-10 14:50
|
|
Repository: erp/devel/pi
Changeset: 6026736637ce1ebf1a40e016962394aab4513ad5
Author: Atul Gaware <atul.gaware <at> openbravo.com>
Date: Thu Dec 22 22:54:41 2016 +0530
URL: http://code.openbravo.com/erp/devel/pi/rev/6026736637ce1ebf1a40e016962394aab4513ad5 [^]
Fixes Issue 34676:It is possible to see prices for list prices for
organizations that you don't have access to.
Problem is Organization property of Product Price in the Product Price By
Warehouse view is not checked whether it appears in Natural Tree of the
Current Logged in Organization.
---
M src-db/database/sourcedata/OBUISEL_SELECTOR.xml
---
|
|
|
|
(0095945)
|
|
hgbot
|
|
2017-04-10 14:51
|
|
|
|
|
|
|
Reapply fix once 0035590 has been closed. |
|
|
|
|
|
|
|
|
|