Openbravo Issue Tracking System - Openbravo ERP
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0057255Openbravo ERPC. Securitypublic2024-10-03 09:072025-03-03 12:32
Reportereduardo_Argal 
Assigned ToTriage Platform Base 
PriorityimmediateSeveritymajorReproducibilityalways
StatusnewResolutionopen 
PlatformOS5OS Version
Product Versionpi 
Target VersionPR24Q4.2Fixed in Version 
Merge Request Statusapproved
Review Assigned To
OBNetwork customerNo
Web browser
ModulesCore
Support ticket
Regression levelProduction - Confirmed Stable
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary0057255: A user with a not Manual role can access, edit and create transactions in any organization
DescriptionA user with a not Manual role can access, edit and create transactions in any organization even if the organization access is limited to one store.
Steps To Reproduce1) Log as Orhi Store User
2) Go to Purchase Order Window
3) Create a new record
4) Mind that the organization combo displays the full list of organization when it should just display the organizations defined in the Org Access tab for his/her role
5) change the configuration for the role to Manual
6) Repeat the steps and mind that now the organizatiuon combo works properly
Proposed SolutionCheck previous behavior:
- How is the org access provided? Only on role creation? On update as well?

Check workaround:
- Ensure that disabling the role_org record works as expected
Additional Information
TagsNo tags attached.
Relationships
blocks defect 0056631pi closed AugustoMauch A user with a not Manual role can access, edit and create transactions in any organization 
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2024-11-22 11:13AugustoMauchTypedefect => backport
2024-11-22 11:13AugustoMauchTarget Versionpi => PR24Q4
2024-11-28 17:50AugustoMauchTarget VersionPR24Q4 => PR24Q4.1
2025-02-21 09:12AugustoMauchNote Added: 0176005
2025-02-21 09:12AugustoMauchNote Added: 0176006
2025-02-21 09:12AugustoMauchStatusscheduled => resolved
2025-02-21 09:12AugustoMauchFixed in SCM revision => https://gitlab.com/orisha-group/bu-commerce/openbravo/product/openbravo/-/commit/e5fb01a0a2ae195cb818f478e91b40024ae03f72 [^]
2025-02-21 09:12AugustoMauchResolutionopen => fixed
2025-02-21 09:12AugustoMauchStatusresolved => closed
2025-02-27 09:17hgbotMerge Request Status => open
2025-02-27 09:17hgbotNote Added: 0176191
2025-02-27 09:19hgbotMerge Request Statusopen => approved
2025-02-27 09:20hgbotNote Added: 0176193
2025-02-27 09:21AugustoMauchStatusclosed => new
2025-02-27 09:21AugustoMauchResolutionfixed => open
2025-03-03 12:32AugustoMauchTarget VersionPR24Q4.1 => PR24Q4.2

Notes
(0176005)
AugustoMauch   
2025-02-21 09:12   
Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/orisha-group/bu-commerce/openbravo/product/openbravo [^] [^]
Changeset: e5fb01a0a2ae195cb818f478e91b40024ae03f72
Author: Augusto Mauch <amauch@orisha.com>
Date: 21-02-2025 09:11:16
URL: https://gitlab.com/orisha-group/bu-commerce/openbravo/product/openbravo/-/commit/e5fb01a0a2ae195cb818f478e91b40024ae03f72 [^] [^]

Fixes ISSUE-56631: Automatic role should only get auto write access to 0

Auto roles should get automatic read access to all orgs by default, but only to
write access to 0

---
M referencedata/sampledata/F_B_International_Group/AD_ROLE_ORGACCESS.xml
M src/org/openbravo/base/secureApp/LoginUtils.java
M src/org/openbravo/dal/core/OBContext.java
(0176006)
AugustoMauch   
2025-02-21 09:12   
https://gitlab.com/orisha-group/bu-commerce/openbravo/product/openbravo/-/merge_requests/1549 [^]
(0176191)
hgbot   
2025-02-27 09:17   
Merge Request created: https://gitlab.com/orisha-group/bu-commerce/openbravo/product/openbravo/-/merge_requests/1561 [^]
(0176193)
hgbot   
2025-02-27 09:20   
Merge request merged: https://gitlab.com/orisha-group/bu-commerce/openbravo/product/openbravo/-/merge_requests/1561 [^]