Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0056631
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Openbravo ERP] C. Securitymajoralways2024-10-03 09:072024-11-22 11:13
Reportereduardo_ArgalView Statuspublic 
Assigned ToTriage Platform Base 
PriorityimmediateResolutionopenFixed in Version
StatusscheduledFix in branchFixed in SCM revision
ProjectionnoneETAnoneTarget Versionpi
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionpiSCM revision 
Review Assigned To
Web browser
ModulesCore
Regression levelProduction - Confirmed Stable
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0056631: A user with a not Manual role can access, edit and create transactions in any organization

DescriptionA user with a not Manual role can access, edit and create transactions in any organization even if the organization access is limited to one store.
Steps To Reproduce1) Log as Orhi Store User
2) Go to Purchase Order Window
3) Create a new record
4) Mind that the organization combo displays the full list of organization when it should just display the organizations defined in the Org Access tab for his/her role
5) change the configuration for the role to Manual
6) Repeat the steps and mind that now the organizatiuon combo works properly
Proposed SolutionCheck previous behavior:
- How is the org access provided? Only on role creation? On update as well?

Check workaround:
- Ensure that disabling the role_org record works as expected
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]
depends on backport 0057255PR24Q4 scheduledTriage Platform Base A user with a not Manual role can access, edit and create transactions in any organization 
depends on backport 0057256PR24Q3.3 scheduledTriage Platform Base A user with a not Manual role can access, edit and create transactions in any organization 
Not all the children of this issue are yet resolved or closed.

-  Notes
There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
2024-10-03 09:07 eduardo_Argal New Issue
2024-10-03 09:07 eduardo_Argal Assigned To => alostale
2024-10-03 09:07 eduardo_Argal Modules => Core
2024-10-03 09:07 eduardo_Argal Regression level => Production - Confirmed Stable
2024-10-03 09:07 eduardo_Argal Triggers an Emergency Pack => No
2024-10-15 10:34 alostale Assigned To alostale => Triage Platform Base
2024-10-17 14:38 AugustoMauch Proposed Solution updated
2024-10-17 14:39 AugustoMauch Proposed Solution updated
2024-11-22 11:13 AugustoMauch Status new => scheduled


Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker