Openbravo Issue Tracking System - Openbravo ERP |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0056631 | Openbravo ERP | C. Security | public | 2024-10-03 09:07 | 2025-03-27 15:47 |
|
| Reporter | eduardo_Argal | |
| Assigned To | AugustoMauch | |
| Priority | immediate | Severity | major | Reproducibility | always |
| Status | closed | Resolution | duplicate | |
| Platform | | OS | 5 | OS Version | |
| Product Version | pi | |
| Target Version | pi | Fixed in Version | | |
| Merge Request Status | approved |
| Review Assigned To | |
| OBNetwork customer | No |
| Web browser | |
| Modules | Core |
| Support ticket | |
| Regression level | Production - Confirmed Stable |
| Regression date | 2023-10-17 |
| Regression introduced in release | PR24Q1 |
| Regression introduced by commit | |
| Triggers an Emergency Pack | No |
|
| Summary | 0056631: A user with a not Manual role can access, edit and create transactions in any organization |
| Description | A user with a not Manual role can access, edit and create transactions in any organization even if the organization access is limited to one store. |
| Steps To Reproduce | 1) Log as Orhi Store User
2) Go to Purchase Order Window
3) Create a new record
4) Mind that the organization combo displays the full list of organization when it should just display the organizations defined in the Org Access tab for his/her role
5) change the configuration for the role to Manual
6) Repeat the steps and mind that now the organizatiuon combo works properly |
| Proposed Solution | Workaround: it is possible to prevent access to organizations for automatic roles by creating those roles as disable (Active = false) in the Role > Org Access tab. |
| Additional Information | |
| Tags | No tags attached. |
| Relationships | | depends on | backport | 0057255 | PR24Q4.2 | new | Triage Platform Base | A user with a not Manual role can access, edit and create transactions in any organization | | depends on | backport | 0058045 | PR25Q1.1 | scheduled | Triage Platform Base | A user with a not Manual role can access, edit and create transactions in any organization | | caused by | defect | 0053408 | | closed | ablasco | Do not persist access for automatic roles | | Not all the children of this issue are yet resolved or closed. |
|
| Attached Files | |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2024-10-03 09:07 | eduardo_Argal | New Issue | |
| 2024-10-03 09:07 | eduardo_Argal | Assigned To | => alostale |
| 2024-10-03 09:07 | eduardo_Argal | OBNetwork customer | => No |
| 2024-10-03 09:07 | eduardo_Argal | Modules | => Core |
| 2024-10-03 09:07 | eduardo_Argal | Regression level | => Production - Confirmed Stable |
| 2024-10-03 09:07 | eduardo_Argal | Triggers an Emergency Pack | => No |
| 2024-10-15 10:34 | alostale | Assigned To | alostale => Triage Platform Base |
| 2024-10-17 14:38 | AugustoMauch | Proposed Solution updated | |
| 2024-10-17 14:39 | AugustoMauch | Proposed Solution updated | |
| 2024-11-22 11:13 | AugustoMauch | Status | new => scheduled |
| 2024-11-25 23:27 | hgbot | Merge Request Status | => open |
| 2024-11-25 23:27 | hgbot | Note Added: 0172565 | |
| 2024-11-28 10:32 | alostale | Relationship added | caused by 0053408 |
| 2024-11-28 10:33 | alostale | Regression date | => 2023-10-17 |
| 2024-11-28 10:33 | alostale | Regression introduced in release | => PR24Q1 |
| 2024-11-28 10:36 | alostale | Proposed Solution updated | |
| 2025-02-12 11:46 | hgbot | Merge Request Status | open => approved |
| 2025-02-21 08:34 | AugustoMauch | Status | scheduled => closed |
| 2025-02-21 08:35 | AugustoMauch | Status | closed => new |
| 2025-02-21 08:35 | AugustoMauch | Status | new => scheduled |
| 2025-02-21 08:37 | hgbot | Resolution | open => fixed |
| 2025-02-21 08:37 | hgbot | Status | scheduled => closed |
| 2025-02-21 08:37 | hgbot | Fixed in Version | => PR25Q2 |
| 2025-02-21 08:37 | hgbot | Note Added: 0176000 | |
| 2025-02-21 08:37 | hgbot | Note Added: 0176001 | |
| 2025-02-21 09:11 | hgbot | Note Added: 0176002 | |
| 2025-02-21 09:12 | hgbot | Fixed in Version | PR25Q2 => PR24Q4.1 |
| 2025-02-21 09:12 | hgbot | Note Added: 0176003 | |
| 2025-02-21 09:12 | hgbot | Note Added: 0176004 | |
| 2025-02-21 10:20 | hgbot | Fixed in Version | PR24Q4.1 => PR25Q2 |
| 2025-02-21 10:20 | hgbot | Note Added: 0176012 | |
| 2025-02-23 23:23 | hgbot | Note Added: 0176054 | |
| 2025-02-24 00:18 | hgbot | Note Added: 0176055 | |
| 2025-02-24 08:44 | AugustoMauch | Note Added: 0176061 | |
| 2025-02-24 08:44 | AugustoMauch | Status | closed => new |
| 2025-02-24 08:44 | AugustoMauch | Resolution | fixed => open |
| 2025-02-24 08:44 | AugustoMauch | Fixed in Version | PR25Q2 => |
| 2025-02-24 08:44 | AugustoMauch | Status | new => acknowledged |
| 2025-02-27 09:20 | hgbot | Resolution | open => fixed |
| 2025-02-27 09:20 | hgbot | Status | acknowledged => closed |
| 2025-02-27 09:20 | hgbot | Fixed in Version | => PR24Q4.1 |
| 2025-02-27 09:20 | hgbot | Note Added: 0176192 | |
| 2025-03-27 15:46 | AugustoMauch | Assigned To | Triage Platform Base => |
| 2025-03-27 15:46 | AugustoMauch | Fixed in Version | PR24Q4.1 => |
| 2025-03-27 15:47 | AugustoMauch | Assigned To | => AugustoMauch |
| 2025-03-27 15:47 | hgbot | Note Added: 0177657 | |
| 2025-03-27 15:47 | hgbot | Resolution | fixed => duplicate |
|
Notes |
|
|
(0172565)
|
|
hgbot
|
|
2024-11-25 23:27
|
|
|
|
|
(0176000)
|
|
hgbot
|
|
2025-02-21 08:37
|
|
|
|
|
(0176001)
|
|
hgbot
|
|
2025-02-21 08:37
|
|
|
|
|
(0176002)
|
|
hgbot
|
|
2025-02-21 09:11
|
|
|
|
|
(0176003)
|
|
hgbot
|
|
2025-02-21 09:12
|
|
|
|
|
(0176004)
|
|
hgbot
|
|
2025-02-21 09:12
|
|
|
|
|
(0176012)
|
|
hgbot
|
|
2025-02-21 10:20
|
|
|
|
|
(0176054)
|
|
hgbot
|
|
2025-02-23 23:23
|
|
|
|
|
(0176055)
|
|
hgbot
|
|
2025-02-24 00:18
|
|
|
|
|
|
|
Reopened, because fix was backed out, it broke CI |
|
|
|
(0176192)
|
|
hgbot
|
|
2025-02-27 09:20
|
|
|
|
|
(0177657)
|
|
hgbot
|
|
2025-03-27 15:47
|
|
|