Openbravo Issue Tracking System - Openbravo ERP |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0036725 | Openbravo ERP | 01. General setup | public | 2017-08-28 10:13 | 2017-09-22 18:28 |
|
| Reporter | maite | |
| Assigned To | AugustoMauch | |
| Priority | urgent | Severity | major | Reproducibility | always |
| Status | closed | Resolution | fixed | |
| Platform | | OS | 5 | OS Version | |
| Product Version | | |
| Target Version | | Fixed in Version | 3.0PR17Q4 | |
| Merge Request Status | |
| Review Assigned To | caristu |
| OBNetwork customer | |
| Web browser | |
| Modules | Core |
| Support ticket | |
| Regression level | |
| Regression date | |
| Regression introduced in release | |
| Regression introduced by commit | |
| Triggers an Emergency Pack | No |
|
| Summary | 0036725: Should not be possible to create new data when user is not able to edit existent data |
| Description | Should not be possible to create new data when user is not able to edit existent data |
| Steps To Reproduce | 0. Create new role named "españa" setting UserLevel=Organization
1. Edit "Org Access" to only leave access to "F&B España - Región Norte" and "F&B España - Región Sur" organizations
2. Edit "User Assigment" to define "Openbravo"
3. Logout and login again using "españa" role
4. Access Business Partner window and realize that you are able to see "F&B España, S.A" records bt not able to edit it (which is OK)
5. Access "Location/Address" tab and realize that you are not able to edit reord (which is OK) but you are able to create new record (which is not OK). Moreover it will be created to organization different from "F&B España, S.A"
Same behavior present in Product window |
| Proposed Solution | Organization field was set as readonly in Business Partner, Product... tabs as you were able to create data inconsistency between header's org and tab's org. For that reason, user should not be able to create records in tabs where Organization field is not shown (such as Business Partner, Product...) and in case it has not edit permissions to header's organization |
| Additional Information | |
| Tags | No tags attached. |
| Relationships | | duplicate of | design defect | 0026170 | | closed | AugustoMauch | Openbravo ERP | Role can add lines in sales order without access to the org of the header | | related to | defect | 0036661 | | closed | rqueralta | Retail Modules | Wrong organization set to Business Partner address so order is not synchronized | | related to | feature request | 0036866 | | new | Triage Platform Base | Openbravo ERP | Make explicit in the UI why a toolbar button is disabled | | related to | defect | 0039784 | | closed | ranjith_qualiantech_com | Retail Modules | OBPOS_HardwareURL may be generated by org * | | causes | defect | 0036953 | | closed | caristu | Openbravo ERP | Can not create records in Organization window sub-tabs |
|
| Attached Files | |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2017-08-28 10:13 | maite | New Issue | |
| 2017-08-28 10:13 | maite | Assigned To | => Triage Finance |
| 2017-08-28 10:13 | maite | Modules | => Core |
| 2017-08-28 10:13 | maite | Resolution time | => 1505080800 |
| 2017-08-28 10:13 | maite | Triggers an Emergency Pack | => No |
| 2017-08-28 10:13 | maite | Issue Monitored: networkb | |
| 2017-08-31 09:40 | aferraz | Steps to Reproduce Updated | bug_revision_view_page.php?rev_id=15766#r15766 |
| 2017-08-31 10:00 | aferraz | Assigned To | Triage Finance => platform |
| 2017-08-31 10:08 | aferraz | Note Added: 0098743 | |
| 2017-08-31 11:47 | alostale | Relationship added | duplicate of 0026170 |
| 2017-09-05 09:09 | alostale | Note Added: 0098822 | |
| 2017-09-05 09:09 | alostale | Status | new => feedback |
| 2017-09-11 10:45 | maite | Relationship added | related to 0036661 |
| 2017-09-13 16:36 | maite | Status | feedback => new |
| 2017-09-14 10:03 | AugustoMauch | Assigned To | platform => AugustoMauch |
| 2017-09-15 12:30 | AugustoMauch | Review Assigned To | => caristu |
| 2017-09-15 12:31 | hgbot | Checkin | |
| 2017-09-15 12:31 | hgbot | Note Added: 0099069 | |
| 2017-09-15 12:31 | hgbot | Status | new => resolved |
| 2017-09-15 12:31 | hgbot | Resolution | open => fixed |
| 2017-09-15 12:31 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/0c8047a2daa39f0c4daacccad122b69517a203e0 [^] |
| 2017-09-15 12:43 | AugustoMauch | Relationship added | related to 0036866 |
| 2017-09-18 10:23 | hgbot | Checkin | |
| 2017-09-18 10:23 | hgbot | Note Added: 0099093 | |
| 2017-09-21 16:50 | hudsonbot | Checkin | |
| 2017-09-21 16:50 | hudsonbot | Note Added: 0099400 | |
| 2017-09-21 16:50 | hudsonbot | Checkin | |
| 2017-09-21 16:50 | hudsonbot | Note Added: 0099402 | |
| 2017-09-22 10:10 | caristu | Note Added: 0099464 | |
| 2017-09-22 10:12 | caristu | Note Edited: 0099464 | bug_revision_view_page.php?bugnote_id=0099464#r15971 |
| 2017-09-22 10:13 | caristu | Note Edited: 0099464 | bug_revision_view_page.php?bugnote_id=0099464#r15972 |
| 2017-09-22 10:32 | caristu | Status | resolved => new |
| 2017-09-22 10:32 | caristu | Resolution | fixed => open |
| 2017-09-22 11:04 | hgbot | Checkin | |
| 2017-09-22 11:04 | hgbot | Note Added: 0099474 | |
| 2017-09-22 11:04 | hgbot | Status | new => resolved |
| 2017-09-22 11:04 | hgbot | Resolution | open => fixed |
| 2017-09-22 11:04 | hgbot | Fixed in SCM revision | http://code.openbravo.com/erp/devel/pi/rev/0c8047a2daa39f0c4daacccad122b69517a203e0 [^] => http://code.openbravo.com/erp/devel/pi/rev/cf859d178908414a35b159d55df22169cc7afd3d [^] |
| 2017-09-22 12:34 | caristu | Note Added: 0099480 | |
| 2017-09-22 12:34 | caristu | Status | resolved => closed |
| 2017-09-22 12:34 | caristu | Fixed in Version | => 3.0PR17Q4 |
| 2017-09-22 18:28 | hudsonbot | Checkin | |
| 2017-09-22 18:28 | hudsonbot | Note Added: 0099501 | |
| 2017-09-26 13:20 | caristu | Relationship added | causes 0036953 |
| 2019-05-27 17:12 | mtaal | Relationship added | related to 0039784 |
|
Notes |
|
|
|
Problem is reproducible in any window.
You are not able to edit records belonging to organizations you don't have access to (which is ok).
You are able to create records belonging to organizations you have access to (which is ok), but being children of records belonging to organizations you don't have access to (which is not ok). |
|
|
|
|
|
Setting as feedback as this issue is under internal discussion on how it should be addressed. |
|
|
|
(0099069)
|
|
hgbot
|
|
2017-09-15 12:31
|
|
Repository: erp/devel/pi
Changeset: 0c8047a2daa39f0c4daacccad122b69517a203e0
Author: Augusto Mauch <augusto.mauch <at> openbravo.com>
Date: Fri Sep 15 12:27:06 2017 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/0c8047a2daa39f0c4daacccad122b69517a203e0 [^]
Fixes issue 36725: Check role write access to organization of parent record
If the current role does not have writable access to the record selected in a tab, the user should not be allowed to create records in its subtabs.
Now this is taken into account in order to enable/disable the toolbar buttons that create new records, and also in the logic that creates a link to create new records in a tab if the gr
id is currently empty.
Now it will not be possible to enter records in a subtab if:
- The subtab has an editable organization field
- The user's role does not have writable access to the organization of the record selected in the parent tab.
Now the list of the current role of the user writable organizations is available in OB.User.writableOrganizations.
---
M modules/org.openbravo.client.application/web/org.openbravo.client.application/js/grid/ob-view-grid.js
M modules/org.openbravo.client.application/web/org.openbravo.client.application/js/main/ob-standard-view.js
M modules/org.openbravo.client.application/web/org.openbravo.client.application/js/toolbar/ob-toolbar.js
M modules/org.openbravo.client.kernel/src/org/openbravo/client/kernel/ApplicationDynamicComponent.java
M modules/org.openbravo.client.kernel/src/org/openbravo/client/kernel/templates/application-dynamic-js.ftl
---
|
|
|
|
(0099093)
|
|
hgbot
|
|
2017-09-18 10:23
|
|
Repository: erp/devel/pi
Changeset: f9da9c951a5dbec42cd7630692e55b7dd2c50f79
Author: Augusto Mauch <augusto.mauch <at> openbravo.com>
Date: Mon Sep 18 10:20:43 2017 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/f9da9c951a5dbec42cd7630692e55b7dd2c50f79 [^]
Related with issue 36725: Prevents error when opening direct subtab
The following case was not working:
- Open Window, Tabs and Fields
- Select any field, open it in form view
- Click on the "Column" field title. It should open the Tables and Columns window and focus on the Column tab, but it will fail.
This happens because it was not enough to check if this.parentView.viewGrid.getSelectedRecord() was null, it could also be undefined.
---
M modules/org.openbravo.client.application/web/org.openbravo.client.application/js/main/ob-standard-view.js
---
|
|
|
|
|
|
|
|
|
|
|
|
(0099464)
|
|
caristu
|
2017-09-22 10:10
(edited on: 2017-09-22 10:13) |
|
|
|
|
(0099474)
|
|
hgbot
|
|
2017-09-22 11:04
|
|
Repository: erp/devel/pi
Changeset: cf859d178908414a35b159d55df22169cc7afd3d
Author: Augusto Mauch <augusto.mauch <at> openbravo.com>
Date: Fri Sep 22 10:40:47 2017 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/cf859d178908414a35b159d55df22169cc7afd3d [^]
Fixes issue 36725: Records cannot be created using grid's contextual menu
Now if the user cannot add records because its role does not have access to the organization selected in the parent tab, it will not be possible
to add records using the grid's contextual menu.
This needs to be addressed in two different contextuals menus:
- The one shown when right-clicking on a grid record
- The one shown when right-clicking on the grid empty space
Also, simplifies an if condition to check for null/undefined
---
M modules/org.openbravo.client.application/web/org.openbravo.client.application/js/grid/ob-view-grid.js
M modules/org.openbravo.client.application/web/org.openbravo.client.application/js/main/ob-standard-view.js
---
|
|
|
|
|
|
Code reviewed + tested OK. |
|
|
|
|
|