Openbravo Issue Tracking System - Retail Modules
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0038011Retail ModulesWeb POSpublic2018-02-27 17:262018-03-06 16:15
Reportermarvintm 
Assigned Tojorge-garcia 
PriorityurgentSeveritymajorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Version 
Target VersionFixed in VersionRR18Q2 
Merge Request Status
Review Assigned Tomarvintm
OBNetwork customer
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0038011: There are some SecuredJSONProcess classes which do not specify preference to check
DescriptionThe SecuredJSONProcess class provides a mechanism to associate the class to the functionality it provides via the preference that it is used to secure it. However, some classes are not specifying this permission, which allows roles without the preference to generate a request which will be accepted by the backend server.
Steps To Reproduce.
Proposed Solution
Additional Information
TagsNo tags attached.
Relationships
related to defect 0038343 closed jorge-garcia Permission error when reject quotation 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2018-02-27 17:26marvintmNew Issue
2018-02-27 17:26marvintmAssigned To => Retail
2018-02-27 17:26marvintmTriggers an Emergency Pack => No
2018-02-27 17:31hgbotCheckin
2018-02-27 17:31hgbotNote Added: 0102855
2018-02-27 17:32hgbotCheckin
2018-02-27 17:32hgbotNote Added: 0102856
2018-02-27 17:45jorge-garciaStatusnew => scheduled
2018-02-27 17:45jorge-garciaAssigned ToRetail => jorge-garcia
2018-03-01 09:43hgbotCheckin
2018-03-01 09:43hgbotNote Added: 0102893
2018-03-01 09:44hgbotCheckin
2018-03-01 09:44hgbotNote Added: 0102894
2018-03-01 09:44hgbotCheckin
2018-03-01 09:44hgbotNote Added: 0102895
2018-03-01 09:44hgbotCheckin
2018-03-01 09:44hgbotNote Added: 0102896
2018-03-01 09:44hgbotCheckin
2018-03-01 09:44hgbotNote Added: 0102897
2018-03-02 09:04hgbotCheckin
2018-03-02 09:04hgbotNote Added: 0102906
2018-03-02 09:04hgbotCheckin
2018-03-02 09:04hgbotNote Added: 0102907
2018-03-02 09:05hgbotCheckin
2018-03-02 09:05hgbotNote Added: 0102908
2018-03-02 09:05hgbotCheckin
2018-03-02 09:05hgbotNote Added: 0102909
2018-03-02 12:26hgbotCheckin
2018-03-02 12:26hgbotNote Added: 0102915
2018-03-05 12:52jorge-garciaStatusscheduled => resolved
2018-03-05 12:52jorge-garciaFixed in Version => RR18Q2
2018-03-05 12:52jorge-garciaResolutionopen => fixed
2018-03-06 16:15marvintmReview Assigned To => marvintm
2018-03-06 16:15marvintmStatusresolved => closed
2018-04-12 14:01rafarodaRelationship addedrelated to 0038343

Notes
(0102855)
hgbot   
2018-02-27 17:31   
Repository: erp/pmods/org.openbravo.mobile.core
Changeset: 02f0d7a4c188170382e2ba1e6a8b1f0fef98abf6
Author: Jorge Garcia <jorge.garcia <at> openbravo.com>
Date: Tue Feb 27 17:30:48 2018 +0100
URL: http://code.openbravo.com/erp/pmods/org.openbravo.mobile.core/rev/02f0d7a4c188170382e2ba1e6a8b1f0fef98abf6 [^]

Related to issue 38011: There are some SecuredJSONProcess classes which do not
specify preference to check

Secure JSONProcesses for mobile core module.

---
M src/org/openbravo/mobile/core/servercontroller/SynchronizedServerProcessCaller.java
---
(0102856)
hgbot   
2018-02-27 17:32   
Repository: erp/pmods/org.openbravo.retail.posterminal
Changeset: 522297061bccd57c1857bf872ebbce731cc32fcb
Author: Jorge Garcia <jorge.garcia <at> openbravo.com>
Date: Tue Feb 27 17:32:16 2018 +0100
URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/522297061bccd57c1857bf872ebbce731cc32fcb [^]

Related to issue 38011: There are some SecuredJSONProcess classes which do not
specify preference to check

Secure JSONProcesses for posterminal module.

---
M src/org/openbravo/retail/posterminal/CancelLayawayLoader.java
M src/org/openbravo/retail/posterminal/CheckProcessingMessage.java
M src/org/openbravo/retail/posterminal/CheckTerminalAuth.java
M src/org/openbravo/retail/posterminal/ProcessCashClose.java
M src/org/openbravo/retail/posterminal/ProcessCashCloseMaster.java
M src/org/openbravo/retail/posterminal/ProcessCashCloseSlave.java
M src/org/openbravo/retail/posterminal/ProcessCashMgmt.java
M src/org/openbravo/retail/posterminal/ProcessCashMgmtMaster.java
M src/org/openbravo/retail/posterminal/QuotationsReject.java
M src/org/openbravo/retail/posterminal/process/IsOrderCancelled.java
M src/org/openbravo/retail/posterminal/term/CloseCashPayments.java
M src/org/openbravo/retail/posterminal/term/Payments.java
---
(0102893)
hgbot   
2018-03-01 09:43   
Repository: erp/pmods/org.openbravo.mobile.procurement
Changeset: ab9cdcf6dac7702854eed039800685023d0652c4
Author: Jorge Garcia <jorge.garcia <at> openbravo.com>
Date: Tue Feb 27 17:42:52 2018 +0100
URL: http://code.openbravo.com/erp/pmods/org.openbravo.mobile.procurement/rev/ab9cdcf6dac7702854eed039800685023d0652c4 [^]

Related to issue 38011: There are some SecuredJSONProcess classes which do not
specify preference to check

Secure JSONProcesses for mobile procurement module.

---
M src/org/openbravo/mobile/procurement/sync/SetBusinessPartner.java
M src/org/openbravo/mobile/procurement/term/BusinessPartner.java
---
(0102894)
hgbot   
2018-03-01 09:44   
Repository: erp/pmods/org.openbravo.mobile.warehouse.physicalinventory
Changeset: 331e0b7b7cad3618496a5f9365be9ca01a22a353
Author: Jorge Garcia <jorge.garcia <at> openbravo.com>
Date: Tue Feb 27 17:42:16 2018 +0100
URL: http://code.openbravo.com/erp/pmods/org.openbravo.mobile.warehouse.physicalinventory/rev/331e0b7b7cad3618496a5f9365be9ca01a22a353 [^]

Related to issue 38011: There are some SecuredJSONProcess classes which do not
specify preference to check

Secure JSONProcesses for mobile warehouse physicalinventory module.

---
M src/org/openbravo/mobile/warehouse/physicalinventory/ProcessPhysicalInventory.java
---
(0102895)
hgbot   
2018-03-01 09:44   
Repository: erp/pmods/org.openbravo.retail.discounts.coupons
Changeset: 86871cb5a35ca5a5499672d9c875b1cc94a1a065
Author: Jorge Garcia <jorge.garcia <at> openbravo.com>
Date: Tue Feb 27 17:40:56 2018 +0100
URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.discounts.coupons/rev/86871cb5a35ca5a5499672d9c875b1cc94a1a065 [^]

Related to issue 38011: There are some SecuredJSONProcess classes which do not
specify preference to check

Secure JSONProcesses for discount coupons module.

---
M src/org/openbravo/retail/discounts/coupons/CouponUsed.java
---
(0102896)
hgbot   
2018-03-01 09:44   
Repository: erp/pmods/org.openbravo.retail.verystar
Changeset: e795cbd5a7c364d9c1c49b311d8444e7af8fc77d
Author: Jorge Garcia <jorge.garcia <at> openbravo.com>
Date: Tue Feb 27 17:36:46 2018 +0100
URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.verystar/rev/e795cbd5a7c364d9c1c49b311d8444e7af8fc77d [^]

Related to issue 38011: There are some SecuredJSONProcess classes which do not
specify preference to check

Secure JSONProcesses for verystar module.

---
M src/org/openbravo/retail/verystar/model/VerystarProperties.java
---
(0102897)
hgbot   
2018-03-01 09:44   
Repository: erp/pmods/org.openbravo.retail.loyalty
Changeset: 015503a780db26f7443ae9b58c0f3c7058979346
Author: Jorge Garcia <jorge.garcia <at> openbravo.com>
Date: Tue Feb 27 17:35:37 2018 +0100
URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.loyalty/rev/015503a780db26f7443ae9b58c0f3c7058979346 [^]

Related to issue 38011: There are some SecuredJSONProcess classes which do not
specify preference to check

Secure JSONProcesses for loyalty module.

---
M src/org/openbravo/retail/loyalty/communication/PointsBalanceRequest.java
---
(0102906)
hgbot   
2018-03-02 09:04   
Repository: erp/pmods/org.openbravo.retail.giftcards
Changeset: 287f64e0f9184644540f73371d523fa38af27ee0
Author: Jorge Garcia <jorge.garcia <at> openbravo.com>
Date: Tue Feb 27 17:43:59 2018 +0100
URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.giftcards/rev/287f64e0f9184644540f73371d523fa38af27ee0 [^]

Related to issue 38011: There are some SecuredJSONProcess classes which do not
specify preference to check

Secure JSONProcesses for giftcards module.

---
M src/org/openbravo/retail/giftcards/CancelGiftCard.java
M src/org/openbravo/retail/giftcards/CancelGiftCardTransaction.java
M src/org/openbravo/retail/giftcards/CheckDuplicityOfID.java
M src/org/openbravo/retail/giftcards/CloseGiftCard.java
M src/org/openbravo/retail/giftcards/ConsumeGiftCardAmount.java
M src/org/openbravo/retail/giftcards/ConsumeGiftCardLines.java
M src/org/openbravo/retail/giftcards/FindCreditNote.java
M src/org/openbravo/retail/giftcards/FindGiftCards.java
M src/org/openbravo/retail/giftcards/GiftCardCertificate.java
M src/org/openbravo/retail/giftcards/ListGiftCard.java
M src/org/openbravo/retail/giftcards/RevertGiftCardAmount.java
M src/org/openbravo/retail/giftcards/master/CashMgmtEvents.java
M src/org/openbravo/retail/giftcards/master/GiftCardReason.java
---
(0102907)
hgbot   
2018-03-02 09:04   
Repository: erp/pmods/org.openbravo.retail.stockvalidation
Changeset: 019c25673b879b9240635a32e1339105b3d05c90
Author: Jorge Garcia <jorge.garcia <at> openbravo.com>
Date: Tue Feb 27 17:38:58 2018 +0100
URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.stockvalidation/rev/019c25673b879b9240635a32e1339105b3d05c90 [^]

Related to issue 38011: There are some SecuredJSONProcess classes which do not
specify preference to check

Secure JSONProcesses for stockvalidation module.

---
M src/org/openbravo/retail/stockvalidation/OrderFromQuotationStockChecker.java
M src/org/openbravo/retail/stockvalidation/StockChecker.java
---
(0102908)
hgbot   
2018-03-02 09:05   
Repository: erp/pmods/org.openbravo.retail.sessions
Changeset: cf2a7175d8cf78c9d82b6998922d8829639bdd3e
Author: Jorge Garcia <jorge.garcia <at> openbravo.com>
Date: Tue Feb 27 17:38:18 2018 +0100
URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.sessions/rev/cf2a7175d8cf78c9d82b6998922d8829639bdd3e [^]

Related to issue 38011: There are some SecuredJSONProcess classes which do not
specify preference to check

Secure JSONProcesses for sessions module.

---
M src/org/openbravo/retail/sessions/SalesReportProcess.java
---
(0102909)
hgbot   
2018-03-02 09:05   
Repository: erp/pmods/org.openbravo.retail.selfcheckout
Changeset: 38162123af9023253e4c5098804e51a0524edf5c
Author: Jorge Garcia <jorge.garcia <at> openbravo.com>
Date: Tue Feb 27 17:36:16 2018 +0100
URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.selfcheckout/rev/38162123af9023253e4c5098804e51a0524edf5c [^]

Related to issue 38011: There are some SecuredJSONProcess classes which do not
specify preference to check

Secure JSONProcesses for selfcheckout module.

---
M src/org/openbravo/retail/selfcheckout/model/OBSCOConfigurationProperties.java
---
(0102915)
hgbot   
2018-03-02 12:26   
Repository: erp/pmods/org.openbravo.retail.giftcards
Changeset: 4cd01d8a25d57bed10c5446af13bd32a00bd7fd1
Author: Jorge Garcia <jorge.garcia <at> openbravo.com>
Date: Fri Mar 02 12:24:26 2018 +0100
URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.giftcards/rev/4cd01d8a25d57bed10c5446af13bd32a00bd7fd1 [^]

Related to issue 38011: There are some SecuredJSONProcess classes which do not
specify preference to check

Revert two java classes which should not be changed.

---
M src/org/openbravo/retail/giftcards/master/CashMgmtEvents.java
M src/org/openbravo/retail/giftcards/master/GiftCardReason.java
---