Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0032728 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| feature request | [Openbravo ERP] C. Security | minor | have not tried | 2016-04-20 13:50 | 2016-06-17 19:37 | |||
| Reporter | inigosanchez | View Status | public | |||||
| Assigned To | inigosanchez | |||||||
| Priority | normal | Resolution | fixed | Fixed in Version | 3.0PR16Q3 | |||
| Status | closed | Fix in branch | Fixed in SCM revision | daf66237fa61 | ||||
| Projection | none | ETA | none | Target Version | 3.0PR16Q3 | |||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | SCM revision | |||||||
| Review Assigned To | alostale | |||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0032728: Standard datasources should check entity access. | |||||||
| Description | Standard datasources should check entity access. | |||||||
| Steps To Reproduce | - | |||||||
| Proposed Solution | * Allows implement entity access check. * This mechanism should be overwritable so specific cases can implement their own security mechanisms. * Define a property for backwards compatibility to allow them | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 Relationships |
|
Notes |
|
|
(0085885) hgbot (developer) 2016-04-22 12:26 |
Repository: erp/pmods/org.openbravo.mobile.warehouse.physicalinventory Changeset: 2c01d09d4265de62e04f80c1f0e92ebee71dba0a Author: Inigo Sanchez <inigo.sanchez <at> openbravo.com> Date: Thu Apr 21 13:03:54 2016 +0200 URL: http://code.openbravo.com/erp/pmods/org.openbravo.mobile.warehouse.physicalinventory/rev/2c01d09d4265de62e04f80c1f0e92ebee71dba0a [^] Related with issue 32728: Some mobile services have been removed. It have been updated some mobile services because now it is used 'org.openbravo.service.datasource/1626FF659E0A40DAA220C00141D5BD71' mobile service (new mobile service) to manage new check entity access. --- M src-db/database/sourcedata/OBMOBC_SERVICES.xml --- |
|
(0085886) hgbot (developer) 2016-04-22 12:27 |
Repository: erp/pmods/org.openbravo.mobile.warehouse.picking Changeset: 77fc452aaf453cbba92106eb14afb9a0850c8087 Author: Inigo Sanchez <inigo.sanchez <at> openbravo.com> Date: Thu Apr 21 13:02:03 2016 +0200 URL: http://code.openbravo.com/erp/pmods/org.openbravo.mobile.warehouse.picking/rev/77fc452aaf453cbba92106eb14afb9a0850c8087 [^] Related with issue 32728: Some mobile services have been updated. It have been updated some mobile services because now it is used 'org.openbravo.service.datasource/1626FF659E0A40DAA220C00141D5BD71' mobile service (new mobile service) to manage new check entity access. --- M src-db/database/sourcedata/OBMOBC_SERVICES.xml --- |
|
(0085887) hgbot (developer) 2016-04-22 12:27 |
Repository: erp/pmods/org.openbravo.mobile.warehouse Changeset: b6a9dc0b446829963b4c11e07d23d7817be54e8e Author: Inigo Sanchez <inigo.sanchez <at> openbravo.com> Date: Thu Apr 21 13:00:26 2016 +0200 URL: http://code.openbravo.com/erp/pmods/org.openbravo.mobile.warehouse/rev/b6a9dc0b446829963b4c11e07d23d7817be54e8e [^] Related with issue 32728: Some mobile services have been updated. It have been updated some mobile services because now it is used 'org.openbravo.service.datasource/1626FF659E0A40DAA220C00141D5BD71' mobile service (new mobile service) to manage new check entity access. Besides 'WarehouseMovementBinDatasource' extends from 'MobileDataSourceService' to take into account check entity access in standard DS invoked from mobile. --- M src-db/database/sourcedata/OBMOBC_SERVICES.xml M src/org/openbravo/mobile/warehouse/datasource/WarehouseMovementBinDatasource.java --- |
|
(0085910) hgbot (developer) 2016-04-22 17:29 |
Repository: erp/pmods/org.openbravo.mobile.warehouse Changeset: 1581f18e0b49f430e7804b21841a7b4f9f0ae152 Author: Inigo Sanchez <inigo.sanchez <at> openbravo.com> Date: Fri Apr 22 17:28:43 2016 +0200 URL: http://code.openbravo.com/erp/pmods/org.openbravo.mobile.warehouse/rev/1581f18e0b49f430e7804b21841a7b4f9f0ae152 [^] Related with issue 32728: Backout changeset b6a9dc0b4468 Backed out changeset b6a9dc0b4468 because retail integration fails. --- M src-db/database/sourcedata/OBMOBC_SERVICES.xml M src/org/openbravo/mobile/warehouse/datasource/WarehouseMovementBinDatasource.java --- |
|
(0085911) hgbot (developer) 2016-04-22 17:29 |
Repository: erp/pmods/org.openbravo.mobile.warehouse.physicalinventory Changeset: 82a289d7b17856befc5655697a1a7dc8a28ecf49 Author: Inigo Sanchez <inigo.sanchez <at> openbravo.com> Date: Fri Apr 22 17:25:40 2016 +0200 URL: http://code.openbravo.com/erp/pmods/org.openbravo.mobile.warehouse.physicalinventory/rev/82a289d7b17856befc5655697a1a7dc8a28ecf49 [^] Related with issue 32728: Backout changeset 2c01d09d4265 Backed out changeset 2c01d09d4265 because retail integration fails. --- M src-db/database/sourcedata/OBMOBC_SERVICES.xml --- |
|
(0085912) hgbot (developer) 2016-04-22 17:30 |
Repository: erp/pmods/org.openbravo.mobile.warehouse.picking Changeset: eeeb1f3bfa5f9f3621720972ce3f768c13c5228b Author: Inigo Sanchez <inigo.sanchez <at> openbravo.com> Date: Fri Apr 22 17:23:10 2016 +0200 URL: http://code.openbravo.com/erp/pmods/org.openbravo.mobile.warehouse.picking/rev/eeeb1f3bfa5f9f3621720972ce3f768c13c5228b [^] Related with issue 32728: Backout changeset 77fc452aaf45 Backed out changeset 77fc452aaf45 because retail integration fails. --- M src-db/database/sourcedata/OBMOBC_SERVICES.xml --- |
|
(0085939) hgbot (developer) 2016-04-25 09:32 |
Repository: erp/devel/api-checks Changeset: 89ae22f80a61d51fbf6c7335b6838cb54f364546 Author: Inigo Sanchez <inigo.sanchez <at> openbravo.com> Date: Fri Apr 22 11:11:47 2016 +0200 URL: http://code.openbravo.com/erp/devel/api-checks/rev/89ae22f80a61d51fbf6c7335b6838cb54f364546 [^] Fixes issue 32730: API change for issue 32728 --- M java.japi.gz --- |
|
(0085942) hgbot (developer) 2016-04-25 09:43 |
Repository: erp/devel/pi Changeset: daf66237fa614b8fd8e72b08b17bcd893ed5e264 Author: Inigo Sanchez <inigo.sanchez <at> openbravo.com> Date: Fri Apr 22 10:01:49 2016 +0200 URL: http://code.openbravo.com/erp/devel/pi/rev/daf66237fa614b8fd8e72b08b17bcd893ed5e264 [^] Fixed issue 32728: Standard datasources should check entity access. --- M .settings/org.eclipse.jdt.core.prefs M modules/org.openbravo.client.application/src/org/openbravo/client/application/ADAlertDatasourceService.java M modules/org.openbravo.client.application/src/org/openbravo/client/application/CachedPreference.java M modules/org.openbravo.client.querylist/src/org/openbravo/client/querylist/QueryListDataSource.java M modules/org.openbravo.service.datasource/src-db/database/sourcedata/AD_REF_LIST.xml M modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/BaseDataSourceService.java M modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/ComboTableDatasourceService.java M modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DataSourceConstants.java M modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DataSourceService.java M modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DataSourceServlet.java M modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DefaultDataSourceService.java M modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/HQLDataSourceService.java M modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/NoteDataSource.java M modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/TreeDatasourceService.java M modules/org.openbravo.userinterface.selector/src/org/openbravo/userinterface/selector/CustomQuerySelectorDatasource.java M modules/org.openbravo.userinterface.selector/src/org/openbravo/userinterface/selector/SelectorFieldPropertyDataSource.java M src-test/src/org/openbravo/test/AllWebserviceTests.java M src-test/src/org/openbravo/test/datasource/DataSourceWhereParameter.java M src-test/src/org/openbravo/test/datasource/ProductSelectorDataSourceTest.java M src-test/src/org/openbravo/test/datasource/TestAllowUnpagedDatasourcePreference.java M src-test/src/org/openbravo/test/datasource/TestComboDatasource.java M src-test/src/org/openbravo/test/security/ExplicitCrossOrganizationReference.java M src/org/openbravo/base/model/ModelProvider.java M src/org/openbravo/common/datasource/StockReservationPickAndEditDataSource.java M src/org/openbravo/dal/security/EntityAccessChecker.java M src/org/openbravo/materialmgmt/ManageVariantsDS.java M src/org/openbravo/materialmgmt/ProductCharacteristicsDS.java A src-test/src/org/openbravo/test/datasource/DataSourceSecurity.java A src-test/src/org/openbravo/test/datasource/TestInitializeAccess.java --- |
|
(0085943) hgbot (developer) 2016-04-25 09:44 |
Repository: erp/pmods/org.openbravo.mobile.core Changeset: 2eeffcabe702aef1acb9e7a965936d9b722f2396 Author: Inigo Sanchez <inigo.sanchez <at> openbravo.com> Date: Wed Apr 20 14:28:17 2016 +0200 URL: http://code.openbravo.com/erp/pmods/org.openbravo.mobile.core/rev/2eeffcabe702aef1acb9e7a965936d9b722f2396 [^] Related with issue 32728: MobileDataSourceService datasource has been created. MobileDataSourceService has been created. Security methods of MobileDataSourceService are temporarily disabled until this security will be implemented in mobile part. Besides, It have been created two new mobile services: * From one side a new mobile service called 'org.openbravo.service.datasource'. This service name uses 'contains' to match it with the requests from the client. So a service name of 'org.openbravo.service.datasource' will handle all the client side requests with 'org.openbravo.service.datasource' in the requested URL. For this reason,mobile services that are previously deleted it can be manage properly. * On the other hand, It have been created new mobile service called 'org.openbravo.mobile.core.datasource/MobileDataSourceService' to allows used this new DS in mobile. --- M src-db/database/sourcedata/OBMOBC_SERVICES.xml M web/org.openbravo.mobile.core/source/data/ob-model.js A src-db/database/sourcedata/OBSERDS_DATASOURCE.xml A src/org/openbravo/mobile/core/datasource/MobileDataSourceService.java --- |
|
(0085944) hgbot (developer) 2016-04-25 09:44 |
Repository: erp/pmods/org.openbravo.mobile.core Changeset: 7c26697c6f6e28bdefc323eff51341c2c6653d99 Author: Inigo Sanchez <inigo.sanchez <at> openbravo.com> Date: Thu Apr 21 13:11:26 2016 +0200 URL: http://code.openbravo.com/erp/pmods/org.openbravo.mobile.core/rev/7c26697c6f6e28bdefc323eff51341c2c6653d99 [^] Related with issue 32728: MobileDataSourceService datasource has been improved. MobileDataSourceService has been updated. It have been added fetch, add, remove and update methods. Besides, It have been updated two mobile services: * From one side a new mobile service called 'org.openbravo.service.datasource' has been removed. * On the other hand, It have been updated mobile service called 'org.openbravo.mobile.core.datasource/MobileDataSourceService' to 'org.openbravo.service.datasource/1626FF659E0A40DAA220C00141D5BD71' because this service name should be an url. --- M src-db/database/sourcedata/OBMOBC_SERVICES.xml M src/org/openbravo/mobile/core/datasource/MobileDataSourceService.java --- |
|
(0085945) hgbot (developer) 2016-04-25 09:45 |
Repository: erp/pmods/org.openbravo.mobile.warehouse.picking Changeset: 80d240cb7798a54664c5c2acaa43191d1f67f086 Author: Inigo Sanchez <inigo.sanchez <at> openbravo.com> Date: Thu Apr 21 13:02:03 2016 +0200 URL: http://code.openbravo.com/erp/pmods/org.openbravo.mobile.warehouse.picking/rev/80d240cb7798a54664c5c2acaa43191d1f67f086 [^] Related with issue 32728: Some mobile services have been updated. It have been updated some mobile services because now it is used 'org.openbravo.service.datasource/1626FF659E0A40DAA220C00141D5BD71' mobile service (new mobile service) to manage new check entity access. --- M src-db/database/sourcedata/OBMOBC_SERVICES.xml --- |
|
(0085946) hgbot (developer) 2016-04-25 09:45 |
Repository: erp/pmods/org.openbravo.mobile.warehouse Changeset: a2e2b97cec2904ccaff050c81bc48c19c33ae7d4 Author: Inigo Sanchez <inigo.sanchez <at> openbravo.com> Date: Thu Apr 21 13:00:26 2016 +0200 URL: http://code.openbravo.com/erp/pmods/org.openbravo.mobile.warehouse/rev/a2e2b97cec2904ccaff050c81bc48c19c33ae7d4 [^] Related with issue 32728: Some mobile services have been updated. It have been updated some mobile services because now it is used 'org.openbravo.service.datasource/1626FF659E0A40DAA220C00141D5BD71' mobile service (new mobile service) to manage new check entity access. Besides 'WarehouseMovementBinDatasource' extends from 'MobileDataSourceService' to take into account check entity access in standard DS invoked from mobile. --- M src-db/database/sourcedata/OBMOBC_SERVICES.xml M src/org/openbravo/mobile/warehouse/datasource/WarehouseMovementBinDatasource.java --- |
|
(0085947) hgbot (developer) 2016-04-25 09:46 |
Repository: erp/pmods/org.openbravo.mobile.warehouse.physicalinventory Changeset: ef87d185055f3cd20275a746ea82c873ba3b091b Author: Inigo Sanchez <inigo.sanchez <at> openbravo.com> Date: Thu Apr 21 13:03:54 2016 +0200 URL: http://code.openbravo.com/erp/pmods/org.openbravo.mobile.warehouse.physicalinventory/rev/ef87d185055f3cd20275a746ea82c873ba3b091b [^] Related with issue 32728: Some mobile services have been updated. It have been updated some mobile services because now it is used 'org.openbravo.service.datasource/1626FF659E0A40DAA220C00141D5BD71' mobile service (new mobile service) to manage new check entity access. --- M src-db/database/sourcedata/OBMOBC_SERVICES.xml --- |
|
(0085948) hgbot (developer) 2016-04-25 09:47 |
Repository: erp/pmods/org.openbravo.module.resources Changeset: 0df0e74fec7ca9375d979f10f9dbbc905086fec8 Author: Inigo Sanchez <inigo.sanchez <at> openbravo.com> Date: Thu Apr 21 14:15:33 2016 +0200 URL: http://code.openbravo.com/erp/pmods/org.openbravo.module.resources/rev/0df0e74fec7ca9375d979f10f9dbbc905086fec8 [^] Related with issue 32728: ResourcesCalendarDataSource has been updated. ResourcesCalendarDataSource datasource has been updated to take into account new security methods. --- M src/org/openbravo/module/resources/calendar/ResourcesCalendarDataSource.java --- |
|
(0085952) hgbot (developer) 2016-04-25 10:26 |
Repository: erp/pmods/org.openbravo.mobile.core Changeset: 6ccdb26762c805fedbeadebd59ef6e63c18df1fa Author: Inigo Sanchez <inigo.sanchez <at> openbravo.com> Date: Mon Apr 25 10:24:55 2016 +0200 URL: http://code.openbravo.com/erp/pmods/org.openbravo.mobile.core/rev/6ccdb26762c805fedbeadebd59ef6e63c18df1fa [^] Related with issue 32728: Updated license text to OBCL license text. --- M src/org/openbravo/mobile/core/datasource/MobileDataSourceService.java --- |
|
(0085960) hgbot (developer) 2016-04-25 13:59 |
Repository: erp/devel/api-checks Changeset: b8d18c0ffbb8b46bcc8eba1fb97e0211dd177a1d Author: Inigo Sanchez <inigo.sanchez <at> openbravo.com> Date: Mon Apr 25 13:56:37 2016 +0200 URL: http://code.openbravo.com/erp/devel/api-checks/rev/b8d18c0ffbb8b46bcc8eba1fb97e0211dd177a1d [^] Related with issue 32728: Wrong place for japi file. --- M java/reference/java.japi.gz R java.japi.gz --- |
|
(0086082) alostale (manager) 2016-04-29 14:11 |
code reviewed and tested as part of the project |
|
(0087489) hudsonbot (developer) 2016-06-17 19:37 |
A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/0dc7be081b1c [^] Maturity status: Test |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2016-04-20 13:50 | inigosanchez | New Issue | |
| 2016-04-20 13:50 | inigosanchez | Assigned To | => inigosanchez |
| 2016-04-20 13:50 | inigosanchez | Modules | => Core |
| 2016-04-20 13:50 | inigosanchez | Triggers an Emergency Pack | => No |
| 2016-04-20 13:50 | inigosanchez | Status | new => scheduled |
| 2016-04-20 14:52 | inigosanchez | Relationship added | related to 0032730 |
| 2016-04-21 13:36 | inigosanchez | Relationship added | related to 0032753 |
| 2016-04-22 12:26 | hgbot | Checkin | |
| 2016-04-22 12:26 | hgbot | Note Added: 0085885 | |
| 2016-04-22 12:27 | hgbot | Checkin | |
| 2016-04-22 12:27 | hgbot | Note Added: 0085886 | |
| 2016-04-22 12:27 | hgbot | Checkin | |
| 2016-04-22 12:27 | hgbot | Note Added: 0085887 | |
| 2016-04-22 17:29 | hgbot | Checkin | |
| 2016-04-22 17:29 | hgbot | Note Added: 0085910 | |
| 2016-04-22 17:29 | hgbot | Checkin | |
| 2016-04-22 17:29 | hgbot | Note Added: 0085911 | |
| 2016-04-22 17:30 | hgbot | Checkin | |
| 2016-04-22 17:30 | hgbot | Note Added: 0085912 | |
| 2016-04-25 09:32 | hgbot | Checkin | |
| 2016-04-25 09:32 | hgbot | Note Added: 0085939 | |
| 2016-04-25 09:43 | hgbot | Checkin | |
| 2016-04-25 09:43 | hgbot | Note Added: 0085942 | |
| 2016-04-25 09:43 | hgbot | Status | scheduled => resolved |
| 2016-04-25 09:43 | hgbot | Resolution | open => fixed |
| 2016-04-25 09:43 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/daf66237fa614b8fd8e72b08b17bcd893ed5e264 [^] |
| 2016-04-25 09:44 | hgbot | Checkin | |
| 2016-04-25 09:44 | hgbot | Note Added: 0085943 | |
| 2016-04-25 09:44 | hgbot | Checkin | |
| 2016-04-25 09:44 | hgbot | Note Added: 0085944 | |
| 2016-04-25 09:45 | hgbot | Checkin | |
| 2016-04-25 09:45 | hgbot | Note Added: 0085945 | |
| 2016-04-25 09:45 | hgbot | Checkin | |
| 2016-04-25 09:45 | hgbot | Note Added: 0085946 | |
| 2016-04-25 09:46 | hgbot | Checkin | |
| 2016-04-25 09:46 | hgbot | Note Added: 0085947 | |
| 2016-04-25 09:47 | hgbot | Checkin | |
| 2016-04-25 09:47 | hgbot | Note Added: 0085948 | |
| 2016-04-25 09:51 | inigosanchez | Review Assigned To | => alostale |
| 2016-04-25 10:26 | hgbot | Checkin | |
| 2016-04-25 10:26 | hgbot | Note Added: 0085952 | |
| 2016-04-25 13:59 | hgbot | Checkin | |
| 2016-04-25 13:59 | hgbot | Note Added: 0085960 | |
| 2016-04-27 10:40 | alostale | Relationship added | causes 0032795 |
| 2016-04-29 14:11 | alostale | Note Added: 0086082 | |
| 2016-04-29 14:11 | alostale | Status | resolved => closed |
| 2016-04-29 14:11 | alostale | Fixed in Version | => 3.0PR16Q3 |
| 2016-05-01 23:28 | inigosanchez | Relationship added | related to 0032820 |
| 2016-05-01 23:29 | inigosanchez | Relationship added | related to 0032819 |
| 2016-05-03 10:02 | alostale | Relationship added | causes 0032833 |
| 2016-05-09 08:26 | inigosanchez | Relationship added | related to 0032178 |
| 2016-06-09 10:17 | alostale | Relationship added | related to 0033194 |
| 2016-06-09 10:25 | alostale | Relationship replaced | causes 0033194 |
| 2016-06-17 19:37 | hudsonbot | Checkin | |
| 2016-06-17 19:37 | hudsonbot | Note Added: 0087489 | |
| 2016-08-31 14:19 | ngarcia | Relationship added | related to 0033866 |
| 2016-11-14 17:10 | caristu | Relationship added | related to 0034499 |
| 2016-12-29 15:13 | inigosanchez | Relationship added | related to 0034823 |
| 2017-10-31 13:46 | caristu | Relationship added | related to 0037200 |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |