Openbravo Issue Tracking System - Openbravo ERP |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0034931 | Openbravo ERP | A. Platform | public | 2017-01-12 17:05 | 2022-02-01 08:08 |
|
| Reporter | JONHM | |
| Assigned To | Triage Platform Base | |
| Priority | high | Severity | major | Reproducibility | always |
| Status | acknowledged | Resolution | open | |
| Platform | | OS | 5 | OS Version | |
| Product Version | | |
| Target Version | | Fixed in Version | | |
| Merge Request Status | |
| Review Assigned To | |
| OBNetwork customer | OBPS |
| Web browser | |
| Modules | Core |
| Support ticket | 44646 |
| Regression level | |
| Regression date | |
| Regression introduced in release | |
| Regression introduced by commit | |
| Triggers an Emergency Pack | No |
|
| Summary | 0034931: Using both WS types return different information for the same user |
| Description | When granting some window access to a role (which it suppose to only have permission to view the related tables of that window), it shows different data in both Web Services. It shows more properties to related Entities using JSon web service than using DAL Web Service.
Notice that flows of both WS types (DAL and JSon) are different. |
| Steps To Reproduce | 1) Create Role "test" in [Role] window:
name: test
user level: Client+Organization
- check "manual" checkbox on and also check on the "Is Web Service Enabled" checkbox
-- Then Switch to "Org Access" tab and give access to '*' and finally switch to "Window Access" tab and give access to window "Warehouse and Storage Bins"
2) Create User "test" in [User] window:
name: test
username: test
password: openbravo
- Then switch to "User Roles" tab and add the previous created role "test".
3) Using some chrome tool, like 'Postman' to check web services, introduce the URL to check if our user have access to 'Orders' or 'Country' (notice that we tried the issue into Openbravo livebuilds, when trying on a localhost environment it should be replaced by http://localhost:8080/openbravo/ws/dal/... [^]):
3.1) First, let's try the JSon WS:
https://livebuilds.openbravo.com/erp_pi_pgsql/org.openbravo.service.json.jsonrest/Order [^]
--> Notice that several fields are displayed, like partnerAddress, userContact and more info.
3.2) Then, try it on DAL WS:
https://livebuilds.openbravo.com/erp_pi_pgsql/ws/dal/Order [^]
--> Notice that only three fields are displayed (documentNo, orderDate, grandTotalAmount) |
| Proposed Solution | |
| Additional Information | |
| Tags | No tags attached. |
| Relationships | |
| Attached Files |  Screenshot from 2017-01-12 17-28-10.png (146,133) 2017-01-12 17:28
https://issues.openbravo.com/file_download.php?file_id=10292&type=bug
|
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2017-01-12 17:05 | JONHM | New Issue | |
| 2017-01-12 17:05 | JONHM | Assigned To | => platform |
| 2017-01-12 17:05 | JONHM | OBNetwork customer | => Yes |
| 2017-01-12 17:05 | JONHM | Modules | => Core |
| 2017-01-12 17:05 | JONHM | Support ticket | => 44646 |
| 2017-01-12 17:05 | JONHM | Triggers an Emergency Pack | => No |
| 2017-01-12 17:07 | JONHM | Note Added: 0093433 | |
| 2017-01-12 17:25 | JONHM | Summary | Extra granted access to Entities using JSon Web Service => Using both WS types return different information for the same user |
| 2017-01-12 17:25 | JONHM | Description Updated | bug_revision_view_page.php?rev_id=14257#r14257 |
| 2017-01-12 17:25 | JONHM | Steps to Reproduce Updated | bug_revision_view_page.php?rev_id=14259#r14259 |
| 2017-01-12 17:28 | JONHM | File Added: Screenshot from 2017-01-12 17-28-10.png | |
| 2017-06-02 10:52 | alostale | Status | new => acknowledged |
| 2022-02-01 08:08 | alostale | Assigned To | platform => Triage Platform Base |