Openbravo Issue Tracking System - Openbravo ERP | |||||
| View Issue Details | |||||
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0056631 | Openbravo ERP | C. Security | public | 2024-10-03 09:07 | 2024-10-17 14:39 |
| Reporter | eduardo_Argal | ||||
| Assigned To | Triage Platform Base | ||||
| Priority | immediate | Severity | major | Reproducibility | always |
| Status | new | Resolution | open | ||
| Platform | OS | 5 | OS Version | ||
| Product Version | pi | ||||
| Target Version | pi | Fixed in Version | |||
| Merge Request Status | |||||
| Review Assigned To | |||||
| OBNetwork customer | |||||
| Web browser | |||||
| Modules | Core | ||||
| Support ticket | |||||
| Regression level | Production - Confirmed Stable | ||||
| Regression date | |||||
| Regression introduced in release | |||||
| Regression introduced by commit | |||||
| Triggers an Emergency Pack | No | ||||
| Summary | 0056631: A user with a not Manual role can access, edit and create transactions in any organization | ||||
| Description | A user with a not Manual role can access, edit and create transactions in any organization even if the organization access is limited to one store. | ||||
| Steps To Reproduce | 1) Log as Orhi Store User 2) Go to Purchase Order Window 3) Create a new record 4) Mind that the organization combo displays the full list of organization when it should just display the organizations defined in the Org Access tab for his/her role 5) change the configuration for the role to Manual 6) Repeat the steps and mind that now the organizatiuon combo works properly | ||||
| Proposed Solution | Check previous behavior: - How is the org access provided? Only on role creation? On update as well? Check workaround: - Ensure that disabling the role_org record works as expected | ||||
| Additional Information | |||||
| Tags | No tags attached. | ||||
| Relationships | |||||
| Attached Files | |||||
| Issue History | |||||
| Date Modified | Username | Field | Change | ||
| 2024-10-03 09:07 | eduardo_Argal | New Issue | |||
| 2024-10-03 09:07 | eduardo_Argal | Assigned To | => alostale | ||
| 2024-10-03 09:07 | eduardo_Argal | Modules | => Core | ||
| 2024-10-03 09:07 | eduardo_Argal | Regression level | => Production - Confirmed Stable | ||
| 2024-10-03 09:07 | eduardo_Argal | Triggers an Emergency Pack | => No | ||
| 2024-10-15 10:34 | alostale | Assigned To | alostale => Triage Platform Base | ||
| 2024-10-17 14:38 | AugustoMauch | Proposed Solution updated | |||
| 2024-10-17 14:39 | AugustoMauch | Proposed Solution updated | |||
| There are no notes attached to this issue. |