View Issue Details
ID | 0014750
Type | Category | Severity | Reproducibility | Date Submitted | Last Update
defect | [Openbravo ERP] C. Security | major | always | 2010-10-01 13:11 | 2010-12-09 16:06
Reporter | jonalegriaesarte | View Status | public
Assigned To | adrianromero
Priority | immediate | Resolution | fixed | Fixed in Version | 2.50MP23
Status | closed | Fix in branch | | Fixed in SCM revision | be9aed3260c9
Projection | none | ETA | none | Target Version | 2.50MP23
OS | Any | Database | Any | Java version |
OS Version | | Database version | | Ant version |
Product Version | 2.50MP21 | SCM revision |
Merge Request Status |
Review Assigned To |
OBNetwork customer | OBPS
Web browser |
Modules | Core
Support ticket |
Regression level |
Regression date |
Regression introduced in release |
Regression introduced by commit |
Triggers an Emergency Pack | No
Summary | 0014750: I can not access to the application when there are many organizations.
Description | If we create many organizations we can not access the application.
Steps To Reproduce |
- Load 422 organizations
- Try to access Openbravo ERP.

Please ask the Support Team for the files to load the organizations.

The error is in:

```sql
SELECT r.UserLevel,
       ''''||replace(replace(r.ClientList,' ',''),',',''',''')||'''' as ClientList,
       ''''||replace(replace(r.OrgList,' ',''),',',''',''')||'''' as OrgList,
       r.C_Currency_ID, r.AmtApproval, r.AD_Client_ID, c.NAME, u.C_BPARTNER_ID, c.VALUE, c.SMTPHOST
FROM AD_ROLE r, AD_CLIENT c, AD_USER u, AD_USER_ROLES ur
WHERE r.AD_Role_ID = ?
  AND ur.AD_USER_ID = ?
  AND r.AD_CLIENT_ID = c.AD_CLIENT_ID
  AND r.IsActive='Y'
  AND c.IsActive='Y'
  AND r.AD_ROLE_ID = ur.AD_ROLE_ID
  AND ur.AD_USER_ID = u.AD_USER_ID
```

because you can not concatenate all the ad_org_id in the OrgList variable. This SQL is in src/org/openbravo/base/secureApp/Seguridad_data.xsql
Tags | No tags attached.
Attached Files |
(0031858) hgbot (developer) 2010-10-14 18:53
Repository: erp/devel/pi
Changeset: e5c51e8fd7207f2dcb6767d607d233c3b5062b35
Author: Adrián Romero <adrianromero <at> openbravo.com>
Date: Mon Oct 04 16:58:09 2010 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/e5c51e8fd7207f2dcb6767d607d233c3b5062b35

Fixes issue 0014750: I can not access to the application when there are many organizations.

The logic that builds the list of organizations has been modified to read the table AD_ROLE_ORGACCESS directly instead of the ORGLIST and CLIENTLIST fields.
The fields ORGLIST and CLIENTLIST have been marked as deprecated.
The AD_ROLE_ORG_ACCESS has been shielded if the organizations list or clients list is too long.
---
M src-db/database/model/triggers/AD_ROLE_ORGACCESS_TRG.xml
M src-db/database/sourcedata/AD_COLUMN.xml
M src/org/openbravo/base/secureApp/LoginUtils.java
---
(0031859) adrianromero (viewer) 2010-10-14 19:00 edited on: 2010-10-20 18:40
* Testing the issue
Now you can log in to the application with more than 422 organizations.
Test logging in with different users.
Test changing to different roles of the logged-in user.
Add access to new organizations and new clients to roles, and verify that it works by logging in as a user with this modified role assigned.

* Other areas affected
Login, organizations, clients and roles functionality can be affected by this fix. Security management. Access to organization and roles.
(0031922) adrianromero (viewer) 2010-10-18 17:19
The fix fails in some situations and needs to be reviewed
(0031928) hudsonbot (viewer) 2010-10-18 17:39
A changeset related to this issue has been promoted to main after passing a series of tests and an OBX has been generated:
Changeset: http://code.openbravo.com/erp/devel/main/rev/e5c51e8fd720
Merge Changeset: http://code.openbravo.com/erp/devel/main/rev/e1c7df1ae349
Tests: http://builds.openbravo.com/view/int/
OBX: http://builds.openbravo.com/erp/core/obx/OpenbravoERP-2.50CI.18559.obx
(0032024) hgbot (developer) 2010-10-20 18:35
Repository: erp/devel/pi
Changeset: 120af24b8412fcbb8e5810d7f09c180276fca23a
Author: Adrián Romero <adrianromero <at> openbravo.com>
Date: Wed Oct 20 18:35:09 2010 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/120af24b8412fcbb8e5810d7f09c180276fca23a

Fixes issue 0014750: I can not access to the application when there are many organizations.

The logic that builds the list of organizations has been modified to read the table AD_ROLE_ORGACCESS directly instead of the ORGLIST and CLIENTLIST fields.
The fields ORGLIST and CLIENTLIST have been marked as deprecated.
The AD_ROLE_ORG_ACCESS has been shielded if the organizations list or clients list is too long.
---
M src-db/database/model/triggers/AD_ROLE_ORGACCESS_TRG.xml
M src-db/database/sourcedata/AD_COLUMN.xml
M src-db/database/sourcedata/AD_VAL_RULE.xml
M src/org/openbravo/base/secureApp/DefaultOptions_data.xsql
M src/org/openbravo/base/secureApp/LoginUtils.java
M src/org/openbravo/base/secureApp/Seguridad_data.xsql
M src/org/openbravo/erpCommon/ad_forms/Role.java
M src/org/openbravo/erpCommon/ad_forms/RoleCombo_data.xsql
M src/org/openbravo/erpCommon/ad_process/ClientCombo_data.xsql
---
(0032034) hudsonbot (viewer) 2010-10-21 06:27
A changeset related to this issue has been promoted to main after passing a series of tests and an OBX has been generated:
Changeset: http://code.openbravo.com/erp/devel/main/rev/120af24b8412
Merge Changeset: http://code.openbravo.com/erp/devel/main/rev/b5df3f5030eb
Tests: http://builds.openbravo.com/view/int/
OBX: http://builds.openbravo.com/erp/core/obx/OpenbravoERP-2.50CI.18578.obx
(0032097) hgbot (developer) 2010-10-22 09:59
Repository: erp/devel/pi
Changeset: be9aed3260c99a58a341f7ab4fbf3209466bbaff
Author: Adrián Romero <adrianromero <at> openbravo.com>
Date: Fri Oct 22 09:58:45 2010 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/be9aed3260c99a58a341f7ab4fbf3209466bbaff

Fixes issue 014750: I can not access to the application when there are many organizations.

The wrong calculation in the security sentence has been removed.
---
M src/org/openbravo/base/secureApp/Seguridad_data.xsql
---
(0032135) hudsonbot (viewer) 2010-10-22 22:43
A changeset related to this issue has been promoted to main after passing a series of tests and an OBX has been generated:
Changeset: http://code.openbravo.com/erp/devel/main/rev/be9aed3260c9
Merge Changeset: http://code.openbravo.com/erp/devel/main/rev/98214a9e7372
Tests: http://builds.openbravo.com/view/int/
OBX: http://builds.openbravo.com/erp/core/obx/OpenbravoERP-2.50CI.18589.obx
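
An added illustration of the failure in the description and of the approach named in the commit notes, not Openbravo's code: a role's organization ids cached as one comma-separated column stop fitting once the role has enough organizations, while reading AD_ROLE_ORGACCESS row by row has no such limit. Table and column names follow the page; SQLite, the 4000-character column limit, the 32-character ids and the IsActive column on the access table are assumptions.

```python
import sqlite3

ORGLIST_CAP = 4000  # assumed column width; the page does not give the real limit


def build_db(n_orgs, role_id="ROLE1"):
    """Constructed schema: one access row per organization plus a cached OrgList."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(f"""
        CREATE TABLE AD_ROLE (
            AD_ROLE_ID TEXT PRIMARY KEY,
            OrgList    TEXT CHECK (length(OrgList) <= {ORGLIST_CAP}));
        CREATE TABLE AD_ROLE_ORGACCESS (
            AD_ROLE_ID TEXT NOT NULL,
            AD_ORG_ID  TEXT NOT NULL,
            IsActive   TEXT NOT NULL DEFAULT 'Y',
            PRIMARY KEY (AD_ROLE_ID, AD_ORG_ID));
    """)
    conn.execute("INSERT INTO AD_ROLE VALUES (?, '')", (role_id,))
    # Constructed 32-character organization ids, not real Openbravo data.
    conn.executemany(
        "INSERT INTO AD_ROLE_ORGACCESS (AD_ROLE_ID, AD_ORG_ID) VALUES (?, ?)",
        [(role_id, f"{i:032X}") for i in range(n_orgs)])
    return conn


def orgs_from_access_table(conn, role_id):
    """Authoritative read: active access rows, bound parameter, no string list."""
    cur = conn.execute(
        "SELECT AD_ORG_ID FROM AD_ROLE_ORGACCESS "
        "WHERE AD_ROLE_ID = ? AND IsActive = 'Y' ORDER BY AD_ORG_ID", (role_id,))
    return [row[0] for row in cur]


def refresh_orglist(conn, role_id):
    """Denormalized cache: store every id in one comma-separated column.
    Returns False when the joined string exceeds the column limit."""
    joined = ",".join(orgs_from_access_table(conn, role_id))
    try:
        conn.execute("UPDATE AD_ROLE SET OrgList = ? WHERE AD_ROLE_ID = ?",
                     (joined, role_id))
        return True
    except sqlite3.IntegrityError:
        return False


def max_orgs_in_cache(id_len=32, cap=ORGLIST_CAP):
    """Largest n such that n ids plus n-1 commas still fit in cap characters."""
    return (cap + 1) // (id_len + 1)
```

Under these assumed sizes the cached list stops fitting well before the 422 organizations of the report, which is why an access decision should be derived from the access rows rather than from a bounded string copy of them.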
Date Modified | Username | Field | Change |
2010-10-01 13:11 | jonalegriaesarte | New Issue | |
2010-10-01 13:11 | jonalegriaesarte | Assigned To | => adrianromero |
2010-10-01 13:11 | jonalegriaesarte | OBNetwork customer | => Yes |
2010-10-04 17:07 | rafaroda | Issue Monitored: rafaroda | |
2010-10-05 14:28 | shuehner | Issue Monitored: shuehner | |
2010-10-14 18:53 | hgbot | Checkin | |
2010-10-14 18:53 | hgbot | Note Added: 0031858 | |
2010-10-14 18:53 | hgbot | Status | new => resolved |
2010-10-14 18:53 | hgbot | Resolution | open => fixed |
2010-10-14 18:53 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/e5c51e8fd7207f2dcb6767d607d233c3b5062b35 |
2010-10-14 19:00 | adrianromero | Note Added: 0031859 | |
2010-10-18 17:19 | adrianromero | Note Added: 0031922 | |
2010-10-18 17:19 | adrianromero | Status | resolved => new |
2010-10-18 17:19 | adrianromero | Resolution | fixed => open |
2010-10-18 17:39 | hudsonbot | Checkin | |
2010-10-18 17:39 | hudsonbot | Note Added: 0031928 | |
2010-10-20 18:35 | hgbot | Checkin | |
2010-10-20 18:35 | hgbot | Note Added: 0032024 | |
2010-10-20 18:35 | hgbot | Status | new => resolved |
2010-10-20 18:35 | hgbot | Resolution | open => fixed |
2010-10-20 18:35 | hgbot | Fixed in SCM revision | http://code.openbravo.com/erp/devel/pi/rev/e5c51e8fd7207f2dcb6767d607d233c3b5062b35 => http://code.openbravo.com/erp/devel/pi/rev/120af24b8412fcbb8e5810d7f09c180276fca23a |
2010-10-20 18:40 | adrianromero | Note Edited: 0031859 | |
2010-10-21 06:27 | hudsonbot | Checkin | |
2010-10-21 06:27 | hudsonbot | Note Added: 0032034 | |
2010-10-22 09:59 | hgbot | Checkin | |
2010-10-22 09:59 | hgbot | Note Added: 0032097 | |
2010-10-22 09:59 | hgbot | Fixed in SCM revision | http://code.openbravo.com/erp/devel/pi/rev/120af24b8412fcbb8e5810d7f09c180276fca23a => http://code.openbravo.com/erp/devel/pi/rev/be9aed3260c99a58a341f7ab4fbf3209466bbaff |
2010-10-22 22:43 | hudsonbot | Checkin | |
2010-10-22 22:43 | hudsonbot | Note Added: 0032135 | |
2010-11-18 12:18 | psarobe | Status | resolved => closed |
2010-11-18 12:18 | psarobe | Fixed in Version | => 2.50MP23 |
2010-12-09 16:06 | anonymous | sf_bug_id | 0 => 3133487 |
2016-10-13 15:07 | alostale | Relationship added | related to 0034201 |