Openbravo Issue Tracking System - Openbravo ERP | ||||||||||||
View Issue Details | ||||||||||||
ID | Project | Category | View Status | Date Submitted | Last Update | |||||||
0055952 | Openbravo ERP | A. Platform | public | 2024-05-20 10:12 | 2024-07-11 14:32 | |||||||
Reporter | gorkaion | |||||||||||
Assigned To | eugen_hamuraru | |||||||||||
Priority | high | Severity | major | Reproducibility | always | |||||||
Status | closed | Resolution | fixed | |||||||||
Platform | OS | 5 | OS Version | |||||||||
Product Version | ||||||||||||
Target Version | PR24Q2.1 | Fixed in Version | ||||||||||
Merge Request Status | ||||||||||||
Review Assigned To | ||||||||||||
OBNetwork customer | ||||||||||||
Web browser | ||||||||||||
Modules | Core | |||||||||||
Support ticket | ||||||||||||
Regression level | ||||||||||||
Regression date | ||||||||||||
Regression introduced in release | ||||||||||||
Regression introduced by commit | ||||||||||||
Triggers an Emergency Pack | No | |||||||||||
Summary | 0055952: Extra access required when return full object is enabled on POST Synchronous requests | |||||||||||
Description | On a POST endpoint with synchronous execution enabled and return object mapping configured, when trying to consume these endpoints with a manual role, some extra accesses are required: - Read access to tables API_Export_Filter and OBEI_Entity_Mapping - Access to a window where the object created by the API can be viewed. By default only Giftcards allows sync execution and this endpoint does not require access to API_Export_Filter. Enabling the sync execution on other endpoints like business partner, coupons or subscriptions requires access to that table. | |||||||||||
Steps To Reproduce | - Create a Manual Role with restricted backend access and web services enabled. - Try to execute a POST request on an endpoint with _synchronous and _returnFullObject enabled. - Check the response is an error 500 with a truncated response message - Check there is no error in the openbravo.log | |||||||||||
Proposed Solution | - Allow executing POST requests with roles that do not have access to backend. - Do not require access to API and EntityMapping tables if the role has the web service access granted. | |||||||||||
Additional Information | ||||||||||||
Tags | No tags attached. | |||||||||||
Relationships |
| |||||||||||
Attached Files | ||||||||||||
Issue History | ||||||||||||
Date Modified | Username | Field | Change | |||||||||
2024-07-09 12:14 | alostale | Type | defect => backport | |||||||||
2024-07-09 12:14 | alostale | Target Version | => PR24Q2.1 | |||||||||
2024-07-09 12:18 | hgbot | Note Added: 0166834 | ||||||||||
2024-07-11 14:32 | hgbot | Resolution | open => fixed | |||||||||
2024-07-11 14:32 | hgbot | Status | scheduled => closed | |||||||||
2024-07-11 14:32 | hgbot | Note Added: 0166901 | ||||||||||
2024-07-11 14:32 | hgbot | Note Added: 0166902 |