Openbravo Issue Tracking System - Retail Modules
View Issue Details
0040669Retail ModulesWeb POSpublic2019-04-24 12:562019-05-03 11:14
malsasua 
ranjith_qualiantech_com 
normalmajoralways
closedfixed 
5
 
RR19Q3 
guilleaer
No
0040669: Terminal can be linked in Terminal Authentication process by one user without permission for the store
The Terminal Authentication process can be executed by one user that he has not got permission for the store of terminal
in livebuilds
[BO]
. go to Role window:
- VallBlancaUser
- in Org Access tab:
- remove Vall Blanca Store record

. go to Preference window and enable the Terminal Authentication process


[POS]
- Terminal Authentication window is displayed
- link using vallblanca user
the link is done properly, and he has not got to VBS store
this code should be added in Terminal Authentication process:

      // Issue 28142: We also need to check if the organization of the user belongs to the natural
      // organization tree of the Terminal
      OBQuery<OBPOSApplications> appQry = OBDal.getInstance().createQuery(
          OBPOSApplications.class,
          "where searchKey = :terminalSearchKey and ((ad_isorgincluded("
              + "(select organization from ADUser where id= :userId)"
              + ", organization, client.id) <> -1) or " + "(ad_isorgincluded(organization, "
              + "(select organization from ADUser where id= :userId)" + ", client.id) <> -1)) ");
      appQry.setFilterOnReadableClients(false);
      appQry.setFilterOnReadableOrganization(false);
      appQry.setNamedParameter("terminalSearchKey", terminalSearchKey);
      appQry.setNamedParameter("userId", userId);
      List<OBPOSApplications> appList = appQry.list();
      if (appList.isEmpty()) {
        try {
          errorLogin(res, vars, session, "OBPOS_USER_NO_ACCESS_TO_TERMINAL_TITLE",
              "OBPOS_USER_TERMINAL_DIFFERENT_ORG_MSG", new ArrayList<String>() {
                private static final long serialVersionUID = 1L;
                {
                  add(terminalSearchKey);
                }
              });
        } catch (Exception e) {
          log4j.error("Error in login", e);
          return null;
        }
      }
No tags attached.
Issue History
2019-04-24 12:56malsasuaNew Issue
2019-04-24 12:56malsasuaAssigned To => Retail
2019-04-24 12:56malsasuaResolution time => 1557784800
2019-04-24 12:56malsasuaTriggers an Emergency Pack => No
2019-04-25 08:39ranjith_qualiantech_comAssigned ToRetail => ranjith_qualiantech_com
2019-04-25 09:07ranjith_qualiantech_comStatusnew => scheduled
2019-04-29 08:36hgbotCheckin
2019-04-29 08:36hgbotNote Added: 0111365
2019-04-29 08:36hgbotStatusscheduled => resolved
2019-04-29 08:36hgbotResolutionopen => fixed
2019-04-29 08:36hgbotFixed in SCM revision => http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/98f8354d0b1a0f6c7961403fee7f46c7b0b37dec [^]
2019-05-03 11:14guilleaerReview Assigned To => guilleaer
2019-05-03 11:14guilleaerStatusresolved => closed
2019-05-03 11:14guilleaerFixed in Version => RR19Q3

Notes
(0111365)
hgbot   
2019-04-29 08:36   
Repository: erp/pmods/org.openbravo.retail.posterminal
Changeset: 98f8354d0b1a0f6c7961403fee7f46c7b0b37dec
Author: Ranjith S R <ranjith <at> qualiantech.com>
Date: Mon Apr 29 11:56:41 2019 +0530
URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/98f8354d0b1a0f6c7961403fee7f46c7b0b37dec [^]

Fixed issue 40669 : User Role Organization must have access to the store organization

* During Terminal Authentication, if the store organization is not present in the users role organization,
  then authentication process should be prevented
* Above Validation added when doing login and in terminal authentication

---
M src/org/openbravo/retail/posterminal/LoginUtilsServlet.java
M src/org/openbravo/retail/posterminal/POSLoginHandler.java
---