Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0010548
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Openbravo ERP] C. Securitymajoralways2009-09-10 14:462009-10-08 00:00
ReportervillindView Statuspublic 
Assigned Toalostale 
PriorityurgentResolutionfixedFixed in Version2.50MP7
StatusclosedFix in branchpiFixed in SCM revisioned4e3d66e2f4
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product Version2.40MP8SCM revision 
Review Assigned To
Web browser
ModulesCore
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0010548: Adding a new organization adds org access to manual roles

DescriptionAdding a new organization adds org access to manual roles. This poses a security risk as the access control settings are modifid automatically where they should not be modified.
Steps To Reproduce 1. Have an role with ismanula setting active.
 2. Add a new organization
 3. Relogin
 4. See the "Org Access" tab of the manual role
Proposed SolutionSee the attached patch.
TagsNo tags attached.
Attached Filesdiff file icon no-org-for-manual-role.diff [^] (551 bytes) 2009-09-10 14:46 [Show Content]

- Relationships Relation Graph ] Dependency Graph ]
depends on backport 0010659 closedalostale Adding a new organization adds org access to manual roles 
related to defect 0030057 closedaferraz Org Access added automatically to all roles 
causes design defect 0030253 newTriage Platform Base Automatic roles and initial organization setup inconsistency 

-  Notes
(0020208)
rafaroda (developer)
2009-09-18 14:08

 Thank you for the patch Ville.
(0020648)
hgbot (developer)
2009-10-02 08:48

 Repository: erp/devel/pi
Changeset: ed4e3d66e2f427041aa4cfe4501386475d50f8d4
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Fri Oct 02 08:47:52 2009 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/ed4e3d66e2f427041aa4cfe4501386475d50f8d4 [^]

fixed bug 0010548: Adding a new organization adds org access to manual roles

---
M src-db/database/model/triggers/AD_ORG_TRG.xml
---
(0020834)
sureshbabu (reporter)
2009-10-07 12:48

 Tested, working fine (organization access of the newly created organization not added to the manual role by default)

- Issue History
Date Modified Username Field Change
2009-09-10 14:46 villind New Issue
2009-09-10 14:46 villind Assigned To => rafaroda
2009-09-10 14:46 villind File Added: no-org-for-manual-role.diff
2009-09-18 14:08 rafaroda Note Added: 0020208
2009-09-18 14:08 rafaroda Assigned To rafaroda => alostale
2009-09-18 14:08 rafaroda Priority normal => urgent
2009-09-18 14:08 rafaroda Status new => scheduled
2009-09-18 14:08 rafaroda fix_in_branch => pi
2009-10-02 08:48 hgbot Checkin
2009-10-02 08:48 hgbot Note Added: 0020648
2009-10-02 08:48 hgbot Status scheduled => resolved
2009-10-02 08:48 hgbot Resolution open => fixed
2009-10-02 08:48 hgbot Fixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/ed4e3d66e2f427041aa4cfe4501386475d50f8d4 [^]
2009-10-07 12:48 sureshbabu Status resolved => closed
2009-10-07 12:48 sureshbabu Note Added: 0020834
2009-10-07 12:48 sureshbabu Fixed in Version => 2.50MP7
2009-10-08 00:00 anonymous sf_bug_id 0 => 2874364
2015-06-03 19:06 aferraz Relationship added related to 0030057
2015-06-26 09:17 vmromanos Relationship added causes 0030253

Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker