Openbravo Issue Tracking System - Openbravo ERP |
View Issue Details |
|
ID | Project | Category | View Status | Date Submitted | Last Update |
0006813 | Openbravo ERP | C. Security | public | 2008-11-26 02:16 | 2009-03-04 17:51 |
|
Reporter | eintelau | |
Assigned To | alostale | |
Priority | urgent | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | |
Platform | | OS | 5 | OS Version | |
Product Version | 2.40 | |
Target Version | | Fixed in Version | 2.40MP3 | |
Merge Request Status | |
Review Assigned To | |
OBNetwork customer | |
Web browser | |
Modules | Core |
Support ticket | |
Regression level | |
Regression date | |
Regression introduced in release | |
Regression introduced by commit | |
Triggers an Emergency Pack | No |
|
Summary | 0006813: Role with Organisation access can't fill out many required combos |
Description | A Role that just has Organisation access (no Client, no *) is not able to use many forms/reports because the data for required combos is restricted to Organisation=* access (ie the required combos have an empty list of options).
This is due to the security review which removed the * org from the #User_Org list. The WAD generated code has been updated to use #AccessibleOrgTree but none of the forms, reports, etc have been updated.
I believe this is a significant issue and should be fixed in a 2.40 release as well as trunk. |
Steps To Reproduce | Behaviour can be seen in many places.
1)Logon to Openbravo with a Role that just as Org access (e.g. Openbravo User).
2) Go to Financial Management | Accounting | Analysis Tools | General Ledger Report
3) Try to select the Accounting Schema. Dropdown is empty
4) Cannot submit report.
or
1)Logon to Openbravo with a Role that just as Org access (e.g. Openbravo User).
2) Go to Business Partner | Location tab
3) Create a new Location
4) Edit the address
5) Cannot select required fields region/country from dropdown
6) Cannot save new address
|
Proposed Solution | Update all forms/reports/etc to use #AccessibleOrgTree instead of #User_Org in the appropriate places. In particular this means any use of ComboTableData.
The attached file contains a patch with modifications for the Openbravo 2.40 and trunk. Given the size of the change I believe it needs review rather than me committing it directly. |
Additional Information | |
Tags | No tags attached. |
Relationships | blocks | defect | 0006199 | | closed | alostale | Role with Organisation access can't fill out many required combos |
|
Attached Files | |
|
Issue History |
Date Modified | Username | Field | Change |
2009-01-09 11:32 | psarobe | Type | defect => backport |
2009-01-09 11:32 | psarobe | fix_in_branch | => 2.40 |
2009-02-02 09:57 | svnbot | Checkin | |
2009-02-02 09:57 | svnbot | Note Added: 0012978 | |
2009-02-02 09:57 | svnbot | svn_revision | => 12630 |
2009-02-02 10:00 | svnbot | Checkin | |
2009-02-02 10:00 | svnbot | Note Added: 0012979 | |
2009-02-02 10:00 | svnbot | svn_revision | 12630 => 12631 |
2009-02-02 10:49 | svnbot | Checkin | |
2009-02-02 10:49 | svnbot | Note Added: 0012992 | |
2009-02-02 10:49 | svnbot | svn_revision | 12631 => 12636 |
2009-02-02 13:44 | svnbot | Checkin | |
2009-02-02 13:44 | svnbot | Note Added: 0013011 | |
2009-02-02 13:44 | svnbot | svn_revision | 12636 => 12654 |
2009-02-02 13:57 | svnbot | Checkin | |
2009-02-02 13:57 | svnbot | Note Added: 0013014 | |
2009-02-02 13:57 | svnbot | svn_revision | 12654 => 12659 |
2009-02-02 15:04 | svnbot | Checkin | |
2009-02-02 15:04 | svnbot | Note Added: 0013017 | |
2009-02-02 15:04 | svnbot | svn_revision | 12659 => 12662 |
2009-02-02 15:21 | svnbot | Checkin | |
2009-02-02 15:21 | svnbot | Note Added: 0013021 | |
2009-02-02 15:21 | svnbot | svn_revision | 12662 => 12665 |
2009-02-02 16:52 | svnbot | Checkin | |
2009-02-02 16:52 | svnbot | Note Added: 0013026 | |
2009-02-02 16:52 | svnbot | svn_revision | 12665 => 12676 |
2009-02-02 17:05 | alostale | Status | scheduled => resolved |
2009-02-02 17:05 | alostale | Fixed in Version | => 2.40 |
2009-02-02 17:05 | alostale | Resolution | open => fixed |
2009-03-03 17:32 | psarobe | Fixed in Version | 2.40 => 2.40MP3 |
2009-03-04 17:51 | psarobe | Regression testing | => No |
2009-03-04 17:51 | psarobe | Status | resolved => closed |
Notes |
|
(0012978)
|
svnbot
|
2009-02-02 09:57
|
|
Repository: openbravo
Revision: 12630
Author: alostale
Date: 2009-02-02 09:57:28 +0100 (Mon, 02 Feb 2009)
Related to issue 0006813:
Fixed accessible org tree for ad_reports
---
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ABCbPartner.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ABCproduct.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/GeneralAccountingReports.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/MInOutTraceReports.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportAccountingCountDimensionalAnalyses.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportAgingBalance.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportAnnualCertification.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportBank.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportBankJR.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportBudgetGenerateExcel.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportCash.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportCashFlow.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportCashJR.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportCashflowForecast.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportDebtPayment.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportDebtPaymentTrack.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportExpense.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportGeneralLedger.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportGeneralLedgerJournal.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportGuaranteeDateJR.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportInventory.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceCustomerDimensionalAnalyses.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceCustomerDimensionalAnalysesJR.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceCustomerEdition.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceCustomerJR.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceDiscount.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceDiscountJR.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceVendorDimensionalAnalysesJR.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceVendorJR.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportInvoices.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportInvoicesJR.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportMaterialDimensionalAnalysesJR.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportMaterialTransactionEdition.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportMaterialTransactionEditionJR.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportOffer.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportOrderNotInvoiceJR.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportParetoProduct.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportPendingProductionJr.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportPricelist.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportProductMovement.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportProduction.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportProductionCost.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportProductionJR.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportProductionRunJR.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportProjectBuildingSite.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportProjectBuildingSiteJR.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportProjectProfitabilityJR.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportPurchaseDimensionalAnalysesJR.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportRefundInvoiceCustomerDimensionalAnalyses.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportRefundSalesDimensionalAnalyses.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportSalesDimensionalAnalyzeJR.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportSalesOrderInvoicedJasper.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportSalesOrderJR.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportSalesOrderOpenItem.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportSalesOrderOpenItemJR.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportSalesOrderProvidedJR.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportShipmentDimensionalAnalyzeJR.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportShipmentEditionJR.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportShipper.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportStandardCostJR.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportToInvoiceConsignment.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportToInvoiceConsignmentJR.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportTotalProductTemplate.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportTrialBalance.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportTrialBalanceDetail.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportValuationStock.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportWarehouseControl.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportWarehouseDetailInventoryJR.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportWarehousePartnerJR.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportWorkRequirementDaily.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportWorkRequirementDailyEnv.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportWorkRequirementJR.java
---
https://dev.openbravo.com/websvn/openbravo/?rev=12630&sc=1 [^]
|
|
|
(0012979)
|
svnbot
|
2009-02-02 10:00
|
|
Repository: openbravo
Revision: 12631
Author: alostale
Date: 2009-02-02 10:00:18 +0100 (Mon, 02 Feb 2009)
Related to issue 0006813:
Fixed accessible org tree for erpReports
---
U branches/r2.40/src/org/openbravo/erpReports/RptC_Proposal.java
U branches/r2.40/src/org/openbravo/erpReports/RptC_ProposalJr.java
U branches/r2.40/src/org/openbravo/erpReports/RptC_Remittance.java
U branches/r2.40/src/org/openbravo/erpReports/RptC_Settlement.java
U branches/r2.40/src/org/openbravo/erpReports/RptPromissoryNote.java
---
https://dev.openbravo.com/websvn/openbravo/?rev=12631&sc=1 [^]
|
|
|
(0012992)
|
svnbot
|
2009-02-02 10:49
|
|
Repository: openbravo
Revision: 12636
Author: alostale
Date: 2009-02-02 10:49:24 +0100 (Mon, 02 Feb 2009)
Related to issue 0006813:
fixed org in callouts
---
U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SE_Invoice_BPartner.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SE_Order_BPartner.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SE_Project_BPartner.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SE_Proposal_BPartner.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SE_Wh_SchedulePeriod.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SL_CreateFromMultiple_Product.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SL_GlobalUse_Product.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SL_InOutLine_Product.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SL_InOut_BPartner.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SL_Internal_Consumption_Product.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SL_Inventory_Product.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SL_Invoice_Product.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SL_Movement_Product.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SL_Order_DocType.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SL_Order_Product.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SL_Payment_Amounts.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SL_Production_Product.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SL_RequisitionLine_Product.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SL_SequenceProduct_Product.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SL_WRPhaseProduct_Product.java
U branches/r2.40/src/org/openbravo/erpReports/RptC_RemittanceJR.java
---
https://dev.openbravo.com/websvn/openbravo/?rev=12636&sc=1 [^]
|
|
|
(0013011)
|
svnbot
|
2009-02-02 13:44
|
|
Repository: openbravo
Revision: 12654
Author: alostale
Date: 2009-02-02 13:44:57 +0100 (Mon, 02 Feb 2009)
related to issue 0006813: Fixed org in action buttons
---
U branches/r2.40/src/org/openbravo/erpCommon/ad_actionButton/ActionButtonUtility.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_actionButton/CreateFile.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_actionButton/CreateFrom.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_actionButton/CreateFromMultiple.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_actionButton/ProjectSetType.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_actionButton/UpdateMaintenanceScheduled.java
---
https://dev.openbravo.com/websvn/openbravo/?rev=12654&sc=1 [^]
|
|
|
(0013014)
|
svnbot
|
2009-02-02 13:57
|
|
Repository: openbravo
Revision: 12659
Author: alostale
Date: 2009-02-02 13:57:49 +0100 (Mon, 02 Feb 2009)
related to issue 0006813: Fixed org in ad process
---
U branches/r2.40/src/org/openbravo/erpCommon/ad_process/CashBankOperations.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_process/ChangeOrderOrg.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_process/CreateAccountingReport.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_process/GenerateHelp.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_process/ImportAccountServlet.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_process/ImportBudgetServlet.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_process/PriceListCreateAll.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_process/SendMailText.java
---
https://dev.openbravo.com/websvn/openbravo/?rev=12659&sc=1 [^]
|
|
|
(0013017)
|
svnbot
|
2009-02-02 15:04
|
|
Repository: openbravo
Revision: 12662
Author: alostale
Date: 2009-02-02 15:04:56 +0100 (Mon, 02 Feb 2009)
related to issue 0006813: Fixed org in forms
---
U branches/r2.40/src/org/openbravo/erpCommon/ad_forms/AlertManagement.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_forms/CallAcctServer.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_forms/FileImport.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_forms/InitialClientSetup.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_forms/InvoiceVendorMultiline.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_forms/InvoiceVendorMultiline_Lines.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_forms/RequisitionToOrder.java
U branches/r2.40/src/org/openbravo/erpCommon/ad_forms/ShowSessionPreferences.java
---
https://dev.openbravo.com/websvn/openbravo/?rev=12662&sc=1 [^]
|
|
|
(0013021)
|
svnbot
|
2009-02-02 15:21
|
|
Repository: openbravo
Revision: 12665
Author: alostale
Date: 2009-02-02 15:21:02 +0100 (Mon, 02 Feb 2009)
related to issue 0006813: Fixed org in others
---
U branches/r2.40/src/org/openbravo/erpCommon/ad_workflow/WorkflowControl.java
U branches/r2.40/src/org/openbravo/erpCommon/businessUtility/Buscador.java
U branches/r2.40/src/org/openbravo/erpCommon/businessUtility/TabAttachments.java
U branches/r2.40/src/org/openbravo/erpCommon/utility/VerticalMenu.java
---
https://dev.openbravo.com/websvn/openbravo/?rev=12665&sc=1 [^]
|
|
|
(0013026)
|
svnbot
|
2009-02-02 16:52
|
|
Repository: openbravo
Revision: 12676
Author: alostale
Date: 2009-02-02 16:52:07 +0100 (Mon, 02 Feb 2009)
related to issue 0006813: Fixed org in selectors
---
U branches/r2.40/src/org/openbravo/erpCommon/info/BusinessPartnerMultiple.java
U branches/r2.40/src/org/openbravo/erpCommon/info/DebtPayment.java
U branches/r2.40/src/org/openbravo/erpCommon/info/ImageInfo.java
U branches/r2.40/src/org/openbravo/erpCommon/info/InvoiceLine.java
U branches/r2.40/src/org/openbravo/erpCommon/info/Locator.java
U branches/r2.40/src/org/openbravo/erpCommon/info/Product.java
U branches/r2.40/src/org/openbravo/erpCommon/info/ProductComplete.java
U branches/r2.40/src/org/openbravo/erpCommon/info/ProductMultiple.java
U branches/r2.40/src/org/openbravo/erpCommon/info/Project.java
U branches/r2.40/src/org/openbravo/erpCommon/info/SalesOrder.java
U branches/r2.40/src/org/openbravo/erpCommon/info/SalesOrderLine.java
U branches/r2.40/src/org/openbravo/erpCommon/info/ShipmentReceipt.java
U branches/r2.40/src/org/openbravo/erpCommon/info/ShipmentReceiptLine.java
---
https://dev.openbravo.com/websvn/openbravo/?rev=12676&sc=1 [^]
|
|