Openbravo Issue Tracking System - POS2 | ||||||||||||
| View Issue Details | ||||||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | |||||||
| 0054921 | POS2 | Core | public | 2024-03-12 10:59 | 2024-03-12 11:01 | |||||||
| Reporter | caristu | |||||||||||
| Assigned To | Triage Platform Base | |||||||||||
| Priority | normal | Severity | major | Reproducibility | have not tried | |||||||
| Status | new | Resolution | open | |||||||||
| Platform | OS | 5 | OS Version | |||||||||
| Product Version | ||||||||||||
| Target Version | Fixed in Version | |||||||||||
| Merge Request Status | ||||||||||||
| Review Assigned To | ||||||||||||
| OBNetwork customer | ||||||||||||
| Support ticket | ||||||||||||
| Regression level | ||||||||||||
| Regression date | ||||||||||||
| Regression introduced in release | ||||||||||||
| Regression introduced by commit | ||||||||||||
| Triggers an Emergency Pack | No | |||||||||||
| Summary | 0054921: User actions defined in standalone infrastructure modules cannot be securized | |||||||||||
| Description | User actions defined in standalone infrastructure modules cannot be securized. | |||||||||||
| Steps To Reproduce | 0) In a POS2 environment, install the org.openbravo.authentication.webauthn. This is an "infrastructure module". 1) Go to the [Role] window, select a role 2) Go to the [User Action Access] subtab and create a new record - User Action: "Register User" - active: false 3) Login in the POS with the role selected in step 1) 4) Click in the user button at the top-right part of the window. In the popup that is opened, note that the "WebAuthn Register" button is available (not disabled) although we should not have access to the "Register User" user action that this button triggers. | |||||||||||
| Proposed Solution | ||||||||||||
| Additional Information | ||||||||||||
| Tags | No tags attached. | |||||||||||
| Relationships |
| |||||||||||
| Attached Files | ||||||||||||
| Issue History | ||||||||||||
| Date Modified | Username | Field | Change | |||||||||
| 2024-03-12 10:59 | caristu | New Issue | ||||||||||
| 2024-03-12 10:59 | caristu | Assigned To | => Triage Platform Base | |||||||||
| 2024-03-12 10:59 | caristu | Triggers an Emergency Pack | => No | |||||||||
| 2024-03-12 11:00 | caristu | Relationship added | related to 0054737 | |||||||||
| 2024-03-12 11:01 | caristu | Note Added: 0162010 | ||||||||||
| 2024-03-12 11:01 | caristu | Summary | User actions defined in infrastructure modules cannot be securized => User actions defined in standalone infrastructure modules cannot be securized | |||||||||
| 2024-03-12 11:01 | caristu | Description Updated | bug_revision_view_page.php?rev_id=27671#r27671 | |||||||||
| Notes | |||||
|
|
|||||
|
|
||||