Openbravo Issue Tracking System - Openbravo ERP |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0006199 | Openbravo ERP | C. Security | public | 2008-11-26 02:16 | 2009-04-21 12:39 |
|
| Reporter | eintelau | |
| Assigned To | alostale | |
| Priority | urgent | Severity | major | Reproducibility | always |
| Status | closed | Resolution | fixed | |
| Platform | | OS | 5 | OS Version | |
| Product Version | 2.40 | |
| Target Version | | Fixed in Version | pi | |
| Merge Request Status | |
| Review Assigned To | |
| OBNetwork customer | |
| Web browser | |
| Modules | Core |
| Support ticket | |
| Regression level | |
| Regression date | |
| Regression introduced in release | |
| Regression introduced by commit | |
| Triggers an Emergency Pack | No |
|
| Summary | 0006199: Role with Organisation access can't fill out many required combos |
| Description | A Role that just has Organisation access (no Client, no *) is not able to use many forms/reports because the data for required combos is restricted to Organisation=* access (ie the required combos have an empty list of options).
This is due to the security review which removed the * org from the #User_Org list. The WAD generated code has been updated to use #AccessibleOrgTree but none of the forms, reports, etc have been updated.
I believe this is a significant issue and should be fixed in a 2.40 release as well as trunk. |
| Steps To Reproduce | Behaviour can be seen in many places.
1)Logon to Openbravo with a Role that just as Org access (e.g. Openbravo User).
2) Go to Financial Management | Accounting | Analysis Tools | General Ledger Report
3) Try to select the Accounting Schema. Dropdown is empty
4) Cannot submit report.
or
1)Logon to Openbravo with a Role that just as Org access (e.g. Openbravo User).
2) Go to Business Partner | Location tab
3) Create a new Location
4) Edit the address
5) Cannot select required fields region/country from dropdown
6) Cannot save new address
|
| Proposed Solution | Update all forms/reports/etc to use #AccessibleOrgTree instead of #User_Org in the appropriate places. In particular this means any use of ComboTableData.
The attached file contains a patch with modifications for the Openbravo 2.40 and trunk. Given the size of the change I believe it needs review rather than me committing it directly. |
| Additional Information | |
| Tags | platform1_sprint1 |
| Relationships | | depends on | backport | 0006813 | | closed | alostale | Role with Organisation access can't fill out many required combos | | related to | defect | 0009183 | | closed | iperdomo | Organization combobox of the Account Selector doesn't display summary level orgs | | causes | defect | 0027953 | | closed | jorge-garcia | AccessibleOrgTree wrongly used in some reports may create security issues |
|
| Attached Files |  AccessibleOrgTree-patch.zip (72,630) 2008-11-26 02:16
https://issues.openbravo.com/file_download.php?file_id=463&type=bug |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2008-11-26 02:16 | eintelau | New Issue | |
| 2008-11-26 02:16 | eintelau | Assigned To | => rafaroda |
| 2008-11-26 02:16 | eintelau | sf_bug_id | 0 => 2347559 |
| 2008-11-26 02:16 | eintelau | File Added: AccessibleOrgTree-patch.zip | |
| 2008-12-02 23:40 | eintelau | Issue Monitored: eintelau | |
| 2008-12-03 19:03 | pjuvara | Priority | normal => high |
| 2008-12-09 13:41 | pheenan | Assigned To | rafaroda => pheenan |
| 2008-12-17 09:26 | rafaroda | Note Added: 0011463 | |
| 2008-12-17 09:26 | rafaroda | Assigned To | pheenan => alostale |
| 2008-12-17 09:26 | rafaroda | Status | new => acknowledged |
| 2008-12-17 11:02 | alostale | Tag Attached: platform1_sprint1 | |
| 2009-01-09 11:32 | psarobe | Priority | high => urgent |
| 2009-01-09 11:32 | psarobe | Status | acknowledged => scheduled |
| 2009-01-09 11:32 | psarobe | fix_in_branch | => trunk |
| 2009-01-30 17:40 | svnbot | Checkin | |
| 2009-01-30 17:40 | svnbot | Note Added: 0012936 | |
| 2009-01-30 17:40 | svnbot | svn_revision | => 12571 |
| 2009-02-02 10:13 | svnbot | Checkin | |
| 2009-02-02 10:13 | svnbot | Note Added: 0012983 | |
| 2009-02-02 10:13 | svnbot | svn_revision | 12571 => 12632 |
| 2009-02-02 10:14 | svnbot | Checkin | |
| 2009-02-02 10:14 | svnbot | Note Added: 0012984 | |
| 2009-02-02 10:14 | svnbot | svn_revision | 12632 => 12633 |
| 2009-02-02 10:51 | svnbot | Checkin | |
| 2009-02-02 10:51 | svnbot | Note Added: 0012994 | |
| 2009-02-02 10:51 | svnbot | svn_revision | 12633 => 12638 |
| 2009-02-02 13:45 | svnbot | Checkin | |
| 2009-02-02 13:45 | svnbot | Note Added: 0013012 | |
| 2009-02-02 13:45 | svnbot | svn_revision | 12638 => 12655 |
| 2009-02-02 13:58 | svnbot | Checkin | |
| 2009-02-02 13:58 | svnbot | Note Added: 0013015 | |
| 2009-02-02 13:58 | svnbot | svn_revision | 12655 => 12660 |
| 2009-02-02 15:05 | svnbot | Checkin | |
| 2009-02-02 15:05 | svnbot | Note Added: 0013018 | |
| 2009-02-02 15:05 | svnbot | svn_revision | 12660 => 12663 |
| 2009-02-02 15:21 | svnbot | Checkin | |
| 2009-02-02 15:21 | svnbot | Note Added: 0013022 | |
| 2009-02-02 15:21 | svnbot | svn_revision | 12663 => 12666 |
| 2009-02-02 17:05 | alostale | Status | scheduled => resolved |
| 2009-02-02 17:05 | alostale | Fixed in Version | => trunk |
| 2009-02-02 17:05 | alostale | Resolution | open => fixed |
| 2009-04-21 02:53 | eintelau | Issue End Monitor: eintelau | |
| 2009-04-21 12:39 | psarobe | Status | resolved => closed |
| 2009-05-26 14:08 | vmromanos | Relationship added | related to 0009183 |
| 2014-10-22 18:52 | vmromanos | Relationship added | causes 0027953 |
|
Notes |
|
|
|
|
Asier, could you please review if this is really a bug and take a look at the patch? Thank you. |
|
|
|
(0012936)
|
|
svnbot
|
|
2009-01-30 17:40
|
|
Repository: openbravo
Revision: 12571
Author: alostale
Date: 2009-01-30 17:40:33 +0100 (Fri, 30 Jan 2009)
related to issue 0006199: Fixed org in selectors
---
U trunk/src/org/openbravo/erpCommon/info/Account.java
U trunk/src/org/openbravo/erpCommon/info/BusinessPartnerMultiple.java
U trunk/src/org/openbravo/erpCommon/info/DebtPayment.java
U trunk/src/org/openbravo/erpCommon/info/ImageInfo.java
U trunk/src/org/openbravo/erpCommon/info/InvoiceLine.java
U trunk/src/org/openbravo/erpCommon/info/Location.java
U trunk/src/org/openbravo/erpCommon/info/Locator.java
U trunk/src/org/openbravo/erpCommon/info/Product.java
U trunk/src/org/openbravo/erpCommon/info/ProductComplete.java
U trunk/src/org/openbravo/erpCommon/info/ProductMultiple.java
U trunk/src/org/openbravo/erpCommon/info/Project.java
U trunk/src/org/openbravo/erpCommon/info/SalesOrder.java
U trunk/src/org/openbravo/erpCommon/info/SalesOrderLine.java
U trunk/src/org/openbravo/erpCommon/info/ShipmentReceipt.java
U trunk/src/org/openbravo/erpCommon/info/ShipmentReceiptLine.java
---
https://dev.openbravo.com/websvn/openbravo/?rev=12571&sc=1 [^]
|
|
|
|
(0012983)
|
|
svnbot
|
|
2009-02-02 10:13
|
|
Repository: openbravo
Revision: 12632
Author: alostale
Date: 2009-02-02 10:13:13 +0100 (Mon, 02 Feb 2009)
related to issue 0006199:
Fixed org in ad_reports
---
U trunk/src/org/openbravo/erpCommon/ad_reports/GeneralAccountingReports.java
U trunk/src/org/openbravo/erpCommon/ad_reports/MInOutTraceReports.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportAccountingCountDimensionalAnalyses.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportAgingBalance.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportAnnualCertification.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportBank.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportBankJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportBudgetGenerateExcel.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportCash.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportCashFlow.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportCashJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportCashflowForecast.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportDebtPayment.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportDebtPaymentTrack.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportExpense.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportGeneralLedger.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportGeneralLedgerJournal.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportGuaranteeDateJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportInventory.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceCustomerDimensionalAnalyses.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceCustomerDimensionalAnalysesJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceCustomerEdition.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceCustomerJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceDiscount.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceDiscountJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceVendorDimensionalAnalysesJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceVendorJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportInvoices.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportInvoicesJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportMaterialDimensionalAnalysesJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportMaterialTransactionEdition.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportMaterialTransactionEditionJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportOffer.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportOrderNotInvoiceJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportParetoProduct.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportPendingProductionJr.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportPricelist.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportProductMovement.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportProduction.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportProductionCost.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportProductionJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportProductionRunJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportProjectBuildingSite.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportProjectBuildingSiteJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportProjectProfitabilityJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportProjectProgress.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportPurchaseDimensionalAnalysesJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportRefundInvoiceCustomerDimensionalAnalyses.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportRefundSalesDimensionalAnalyses.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportSalesDimensionalAnalyzeJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportSalesOrderInvoicedJasper.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportSalesOrderJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportSalesOrderOpenItem.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportSalesOrderOpenItemJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportSalesOrderProvidedJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportShipmentDimensionalAnalyzeJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportShipmentEditionJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportShipper.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportStandardCostJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportToInvoiceConsignment.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportToInvoiceConsignmentJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportTotalProductTemplate.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportTrialBalance.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportTrialBalanceDetail.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportValuationStock.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportWarehouseControl.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportWarehouseDetailInventoryJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportWarehousePartnerJR.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportWorkRequirementDaily.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportWorkRequirementDailyEnv.java
U trunk/src/org/openbravo/erpCommon/ad_reports/ReportWorkRequirementJR.java
---
https://dev.openbravo.com/websvn/openbravo/?rev=12632&sc=1 [^]
|
|
|
|
(0012984)
|
|
svnbot
|
|
2009-02-02 10:14
|
|
Repository: openbravo
Revision: 12633
Author: alostale
Date: 2009-02-02 10:14:32 +0100 (Mon, 02 Feb 2009)
related to issue 0006199:
fixed or in erpReports
---
U trunk/src/org/openbravo/erpReports/RptC_Proposal.java
U trunk/src/org/openbravo/erpReports/RptC_ProposalJr.java
U trunk/src/org/openbravo/erpReports/RptC_Remittance.java
U trunk/src/org/openbravo/erpReports/RptC_RemittanceJR.java
U trunk/src/org/openbravo/erpReports/RptC_Settlement.java
U trunk/src/org/openbravo/erpReports/RptPromissoryNote.java
---
https://dev.openbravo.com/websvn/openbravo/?rev=12633&sc=1 [^]
|
|
|
|
(0012994)
|
|
svnbot
|
|
2009-02-02 10:51
|
|
Repository: openbravo
Revision: 12638
Author: alostale
Date: 2009-02-02 10:51:14 +0100 (Mon, 02 Feb 2009)
related to issue 0006199: fixed org in callouts
---
U trunk/src/org/openbravo/erpCommon/ad_callouts/SE_Invoice_BPartner.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SE_Order_BPartner.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SE_Project_BPartner.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SE_Proposal_BPartner.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SE_Wh_SchedulePeriod.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_CreateFromMultiple_Product.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_GlobalUse_Product.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_InOutLine_Product.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_InOut_BPartner.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_Internal_Consumption_Product.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_Inventory_Product.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_Invoice_Product.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_Movement_Product.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_Order_DocType.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_Order_Product.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_Payment_Amounts.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_Production_Product.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_RequisitionLine_Product.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_SequenceProduct_Product.java
U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_WRPhaseProduct_Product.java
---
https://dev.openbravo.com/websvn/openbravo/?rev=12638&sc=1 [^]
|
|
|
|
(0013012)
|
|
svnbot
|
|
2009-02-02 13:45
|
|
Repository: openbravo
Revision: 12655
Author: alostale
Date: 2009-02-02 13:45:50 +0100 (Mon, 02 Feb 2009)
related to issue 0006199: fixed org in action buttons
---
U trunk/src/org/openbravo/erpCommon/ad_actionButton/ActionButtonUtility.java
U trunk/src/org/openbravo/erpCommon/ad_actionButton/CreateFile.java
U trunk/src/org/openbravo/erpCommon/ad_actionButton/CreateFrom.java
U trunk/src/org/openbravo/erpCommon/ad_actionButton/CreateFromMultiple.java
U trunk/src/org/openbravo/erpCommon/ad_actionButton/ProjectSetType.java
U trunk/src/org/openbravo/erpCommon/ad_actionButton/UpdateMaintenanceScheduled.java
---
https://dev.openbravo.com/websvn/openbravo/?rev=12655&sc=1 [^]
|
|
|
|
(0013015)
|
|
svnbot
|
|
2009-02-02 13:58
|
|
Repository: openbravo
Revision: 12660
Author: alostale
Date: 2009-02-02 13:57:58 +0100 (Mon, 02 Feb 2009)
related to issue 0006199: fixed org in ad process
---
U trunk/src/org/openbravo/erpCommon/ad_process/CashBankOperations.java
U trunk/src/org/openbravo/erpCommon/ad_process/ChangeOrderOrg.java
U trunk/src/org/openbravo/erpCommon/ad_process/CreateTaxReport.java
U trunk/src/org/openbravo/erpCommon/ad_process/ExpenseAPInvoice.java
U trunk/src/org/openbravo/erpCommon/ad_process/GenerateHelp.java
U trunk/src/org/openbravo/erpCommon/ad_process/ImportAccountServlet.java
U trunk/src/org/openbravo/erpCommon/ad_process/ImportBudgetServlet.java
U trunk/src/org/openbravo/erpCommon/ad_process/PriceListCreateAll.java
U trunk/src/org/openbravo/erpCommon/ad_process/SendMailText.java
---
https://dev.openbravo.com/websvn/openbravo/?rev=12660&sc=1 [^]
|
|
|
|
(0013018)
|
|
svnbot
|
|
2009-02-02 15:05
|
|
Repository: openbravo
Revision: 12663
Author: alostale
Date: 2009-02-02 15:05:03 +0100 (Mon, 02 Feb 2009)
related to issue 0006199: fixed org in forms
---
U trunk/src/org/openbravo/erpCommon/ad_forms/AlertManagement.java
U trunk/src/org/openbravo/erpCommon/ad_forms/FileImport.java
U trunk/src/org/openbravo/erpCommon/ad_forms/InitialClientSetup.java
U trunk/src/org/openbravo/erpCommon/ad_forms/InitialOrgSetup.java
U trunk/src/org/openbravo/erpCommon/ad_forms/InvoiceVendorMultiline.java
U trunk/src/org/openbravo/erpCommon/ad_forms/InvoiceVendorMultiline_Lines.java
U trunk/src/org/openbravo/erpCommon/ad_forms/ModuleManagement.java
U trunk/src/org/openbravo/erpCommon/ad_forms/RequisitionToOrder.java
U trunk/src/org/openbravo/erpCommon/ad_forms/ShowSessionPreferences.java
U trunk/src/org/openbravo/erpCommon/ad_process/CreateAccountingReport.java
---
https://dev.openbravo.com/websvn/openbravo/?rev=12663&sc=1 [^]
|
|
|
|
(0013022)
|
|
svnbot
|
|
2009-02-02 15:21
|
|
Repository: openbravo
Revision: 12666
Author: alostale
Date: 2009-02-02 15:21:15 +0100 (Mon, 02 Feb 2009)
related to issue 0006199: fixed org in others
---
U trunk/src/org/openbravo/erpCommon/ad_workflow/WorkflowControl.java
U trunk/src/org/openbravo/erpCommon/businessUtility/Buscador.java
U trunk/src/org/openbravo/erpCommon/businessUtility/TabAttachments.java
U trunk/src/org/openbravo/erpCommon/utility/Utility.java
U trunk/src/org/openbravo/erpCommon/utility/VerticalMenu.java
---
https://dev.openbravo.com/websvn/openbravo/?rev=12666&sc=1 [^]
|
|