Openbravo Issue Tracking System - Retail Modules
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0043828Retail ModulesWeb POSpublic2020-04-22 17:402020-05-12 09:22
Reporterinaki_garcia 
Assigned Toranjith_qualiantech_com 
PriorityimmediateSeveritycriticalReproducibilityhave not tried
StatusclosedResolutionfixed 
PlatformOS5OS Version
Product Version 
Target VersionFixed in VersionRR20Q3 
Merge Request Status
Review Assigned Tomarvintm
OBNetwork customerNo
Support ticket
Regression levelPackaging and release
Regression date2020-02-10
Regression introduced in releasemain
Regression introduced by commithttps://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/c027ae221f7e [^]
Triggers an Emergency PackNo
Summary0043828: [20Q2] User access and visibility management per terminal via "POS Terminal Access" subtab no longer works
DescriptionEntering rows in the "POS Terminal Access" subtab in the "User" tab in the backend has lost its effect in specifying the users allowance in terminals at an Organization level, meaning that users sharing organization with the terminals will be listed in all of the terminals/touchpoints.

This regression is considered critical, since it poses an important security risk for organizations with many users and terminals. Reproducible in builds updated to 20Q2, but not in 20Q1.
Steps To Reproduce-- In the Backend
0. Log in the Backend with the "The White Valley Group Admin" role
1. Create a new user and save it
2. Add in a record with the "VallBlancaManual" Role in User Roles subtab and save it

-- In the Frontend
3. Navigate to the VBS-1 terminal
NOTICE that the created user appears listed, as expected

-- In the Backend
4. For the previously created user, add in a record with the "VBA1001" Touchpoint in the POS Terminal Access subtab, and save it

-- In the Frontend
5. Refresh the Web POS
NOTICE that the created user STILL appears, which is an incorrect. The user should only show in the specified VBA1001 terminal/touchpoint.
Proposed Solution
Additional Information
TagsNo tags attached.
Relationships
depends on backport 0043834RR20Q2 closed ranjith_qualiantech_com [20Q2] User access and visibility management per terminal via "POS Terminal Access" subtab no longer works 
caused by defect 0043085 closed ranjith_qualiantech_com LoginUtilsServlet makes an inefficient query to get user images 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2020-04-22 17:40inaki_garciaNew Issue
2020-04-22 17:40inaki_garciaAssigned To => Retail
2020-04-22 17:40inaki_garciaOBNetwork customer => No
2020-04-22 17:40inaki_garciaRegression level => Packaging and release
2020-04-22 17:40inaki_garciaTriggers an Emergency Pack => No
2020-04-22 17:44inaki_garciaDescription Updatedbug_revision_view_page.php?rev_id=20842#r20842
2020-04-22 17:52inaki_garciaDescription Updatedbug_revision_view_page.php?rev_id=20843#r20843
2020-04-23 07:08ranjith_qualiantech_comAssigned ToRetail => ranjith_qualiantech_com
2020-04-23 08:22ranjith_qualiantech_comRelationship addedcaused by 0043085
2020-04-23 08:23ranjith_qualiantech_comRegression levelPackaging and release => Pre packaging ( pi )
2020-04-23 08:23ranjith_qualiantech_comRegression date => 2020-02-10
2020-04-23 08:23ranjith_qualiantech_comRegression introduced in release => main
2020-04-23 08:23ranjith_qualiantech_comRegression introduced by commit => https://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/c027ae221f7e [^]
2020-04-23 11:46ranjith_qualiantech_comStatusnew => scheduled
2020-04-23 12:40ranjith_qualiantech_comRegression levelPre packaging ( pi ) => Packaging and release
2020-04-24 02:55hgbotCheckin
2020-04-24 02:55hgbotNote Added: 0119376
2020-04-24 02:55hgbotStatusscheduled => resolved
2020-04-24 02:55hgbotResolutionopen => fixed
2020-04-24 02:55hgbotFixed in SCM revision => http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/ea35a851d62e64667d4c3baf6a366163e9bc98c9 [^]
2020-04-28 13:29guilleaerNote Added: 0119467
2020-04-28 13:29guilleaerStatusresolved => new
2020-04-28 13:29guilleaerResolutionfixed => open
2020-04-28 13:30guilleaerStatusnew => scheduled
2020-04-29 05:49hgbotCheckin
2020-04-29 05:49hgbotNote Added: 0119482
2020-04-29 05:49hgbotStatusscheduled => resolved
2020-04-29 05:49hgbotResolutionopen => fixed
2020-04-29 05:49hgbotFixed in SCM revisionhttp://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/ea35a851d62e64667d4c3baf6a366163e9bc98c9 [^] => http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/17735b88fc79e83e08d0e90949292c66c7329ec3 [^]
2020-04-29 09:15hgbotCheckin
2020-04-29 09:15hgbotNote Added: 0119486
2020-05-06 08:24marvintmReview Assigned To => marvintm
2020-05-06 08:24marvintmStatusresolved => closed
2020-05-06 08:24marvintmFixed in Version => RR20Q3
2020-05-12 07:13ranjith_qualiantech_comNote Added: 0119743
2020-05-12 07:13ranjith_qualiantech_comStatusclosed => new
2020-05-12 07:13ranjith_qualiantech_comResolutionfixed => open
2020-05-12 07:13ranjith_qualiantech_comFixed in VersionRR20Q3 =>
2020-05-12 07:13ranjith_qualiantech_comStatusnew => scheduled
2020-05-12 07:16hgbotCheckin
2020-05-12 07:16hgbotNote Added: 0119744
2020-05-12 07:16hgbotStatusscheduled => resolved
2020-05-12 07:16hgbotResolutionopen => fixed
2020-05-12 07:16hgbotFixed in SCM revisionhttp://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/17735b88fc79e83e08d0e90949292c66c7329ec3 [^] => http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/5fc23f1ec284a4cba03bf88fcade07f2558075a9 [^]
2020-05-12 07:27ranjith_qualiantech_comNote Edited: 0119743bug_revision_view_page.php?bugnote_id=0119743#r20995
2020-05-12 09:22marvintmStatusresolved => closed
2020-05-12 09:22marvintmFixed in Version => RR20Q3

Notes
(0119376)
hgbot   
2020-04-24 02:55   
Repository: erp/pmods/org.openbravo.retail.posterminal
Changeset: ea35a851d62e64667d4c3baf6a366163e9bc98c9
Author: Ranjith S R <ranjith <at> qualiantech.com>
Date: Fri Apr 24 06:25:13 2020 +0530
URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/ea35a851d62e64667d4c3baf6a366163e9bc98c9 [^]

Fixed issue-43828 : Modified Login UserList query to list users based on Terminal Access

* If Pref. "Filter User based on Terminal Access", users added in Terminal Access will be listed
  If not enabled, either user should present in Terminal Access
     or user should not present in Terminal Access

---
M src/org/openbravo/retail/posterminal/LoginUtilsServlet.java
---
(0119467)
guilleaer   
2020-04-28 13:29   
It seems that fix for issue is not working fine

Having 2 users
user A
user B

1 terminal
terminal T1

Go to users and add access for terminal t1 to user A

User A and User B are shown in web POS login screen. Only user A should be allowed
(0119482)
hgbot   
2020-04-29 05:49   
Repository: erp/pmods/org.openbravo.retail.posterminal
Changeset: 17735b88fc79e83e08d0e90949292c66c7329ec3
Author: Ranjith S R <ranjith <at> qualiantech.com>
Date: Wed Apr 29 09:18:39 2020 +0530
URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/17735b88fc79e83e08d0e90949292c66c7329ec3 [^]

Fixed issue-43828 : Modified Login UserList query to list users based on Preference

* If Pref. "Filter User based on Terminal Access", is defined,
  it will list users only which are added under POS Terminal access tab
* If Pref. "Filter User based on Terminal Access", is not defined,
  if a user defined in particular terminals in POS Terminal access,
  user will be shown only in those terminals
  If user is not defined in POS Terminal access, then it will shown for all terminals
* Same query will be used to list the list for approvals

---
M src/org/openbravo/retail/posterminal/LoginUtilsServlet.java
---
(0119486)
hgbot   
2020-04-29 09:15   
Repository: erp/pmods/org.openbravo.retail.posterminal
Changeset: ad1152576877be74f81b9ba611e7b3999a1825f3
Author: Ranjith S R <ranjith <at> qualiantech.com>
Date: Wed Apr 29 12:45:14 2020 +0530
URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/ad1152576877be74f81b9ba611e7b3999a1825f3 [^]

Related to issue-43828 : Added method to preserve functionality in LoginUtilsServlet

* To Preserve Existing functionality,
  added method doFilterUserOnlyByTerminalAccessPreference without any parameter

---
M src/org/openbravo/retail/posterminal/LoginUtilsServlet.java
---
(0119743)
ranjith_qualiantech_com   
2020-05-12 07:13   
(edited on: 2020-05-12 07:27)
Query performance was very slow due to Terminal Access and Preference join queries
(0119744)
hgbot   
2020-05-12 07:16   
Repository: erp/pmods/org.openbravo.retail.posterminal
Changeset: 5fc23f1ec284a4cba03bf88fcade07f2558075a9
Author: Ranjith S R <ranjith <at> qualiantech.com>
Date: Tue May 12 10:46:11 2020 +0530
URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/5fc23f1ec284a4cba03bf88fcade07f2558075a9 [^]

Fixed issue 43828 : Updated UserList Query to improve Performance

* Updated query by changing TerminalAccess and ADPreference table
  from FullJoin to Subquery to improve perfomance

---
M src/org/openbravo/retail/posterminal/LoginUtilsServlet.java
---