Openbravo Issue Tracking System - Retail Modules | |||||
| View Issue Details | |||||
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0040669 | Retail Modules | Web POS | public | 2019-04-24 12:56 | 2019-05-03 11:14 |
| Reporter | malsasua | ||||
| Assigned To | ranjith_qualiantech_com | ||||
| Priority | normal | Severity | major | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Platform | OS | 5 | OS Version | ||
| Product Version | |||||
| Target Version | Fixed in Version | RR19Q3 | |||
| Merge Request Status | |||||
| Review Assigned To | guilleaer | ||||
| OBNetwork customer | Gold | ||||
| Support ticket | 9338 | ||||
| Regression level | |||||
| Regression date | |||||
| Regression introduced in release | |||||
| Regression introduced by commit | |||||
| Triggers an Emergency Pack | No | ||||
| Summary | 0040669: Terminal can be linked in Terminal Authentication process by one user without permission for the store | ||||
| Description | The Terminal Authentication process can be executed by one user that he has not got permission for the store of terminal | ||||
| Steps To Reproduce | in livebuilds [BO] . go to Role window: - VallBlancaUser - in Org Access tab: - remove Vall Blanca Store record . go to Preference window and enable the Terminal Authentication process [POS] - Terminal Authentication window is displayed - link using vallblanca user the link is done properly, and he has not got to VBS store | ||||
| Proposed Solution | this code should be added in Terminal Authentication process: // Issue 28142: We also need to check if the organization of the user belongs to the natural // organization tree of the Terminal OBQuery<OBPOSApplications> appQry = OBDal.getInstance().createQuery( OBPOSApplications.class, "where searchKey = :terminalSearchKey and ((ad_isorgincluded(" + "(select organization from ADUser where id= :userId)" + ", organization, client.id) <> -1) or " + "(ad_isorgincluded(organization, " + "(select organization from ADUser where id= :userId)" + ", client.id) <> -1)) "); appQry.setFilterOnReadableClients(false); appQry.setFilterOnReadableOrganization(false); appQry.setNamedParameter("terminalSearchKey", terminalSearchKey); appQry.setNamedParameter("userId", userId); List<OBPOSApplications> appList = appQry.list(); if (appList.isEmpty()) { try { errorLogin(res, vars, session, "OBPOS_USER_NO_ACCESS_TO_TERMINAL_TITLE", "OBPOS_USER_TERMINAL_DIFFERENT_ORG_MSG", new ArrayList<String>() { private static final long serialVersionUID = 1L; { add(terminalSearchKey); } }); } catch (Exception e) { log4j.error("Error in login", e); return null; } } | ||||
| Additional Information | |||||
| Tags | No tags attached. | ||||
| Relationships | |||||
| Attached Files | |||||
| Issue History | |||||
| Date Modified | Username | Field | Change | ||
| 2019-04-24 12:56 | malsasua | New Issue | |||
| 2019-04-24 12:56 | malsasua | Assigned To | => Retail | ||
| 2019-04-24 12:56 | malsasua | OBNetwork customer | => Gold | ||
| 2019-04-24 12:56 | malsasua | Support ticket | => 9338 | ||
| 2019-04-24 12:56 | malsasua | Resolution time | => 1557784800 | ||
| 2019-04-24 12:56 | malsasua | Triggers an Emergency Pack | => No | ||
| 2019-04-25 08:39 | ranjith_qualiantech_com | Assigned To | Retail => ranjith_qualiantech_com | ||
| 2019-04-25 09:07 | ranjith_qualiantech_com | Status | new => scheduled | ||
| 2019-04-29 08:36 | hgbot | Checkin | |||
| 2019-04-29 08:36 | hgbot | Note Added: 0111365 | |||
| 2019-04-29 08:36 | hgbot | Status | scheduled => resolved | ||
| 2019-04-29 08:36 | hgbot | Resolution | open => fixed | ||
| 2019-04-29 08:36 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/98f8354d0b1a0f6c7961403fee7f46c7b0b37dec [^] | ||
| 2019-05-03 11:14 | guilleaer | Review Assigned To | => guilleaer | ||
| 2019-05-03 11:14 | guilleaer | Status | resolved => closed | ||
| 2019-05-03 11:14 | guilleaer | Fixed in Version | => RR19Q3 | ||
| Notes | |||||
|
|
|||||
|
|
||||