Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0010659 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| backport | [Openbravo ERP] C. Security | major | always | 2009-09-10 14:46 | 2009-10-13 12:11 | |||
| Reporter | villind | View Status | public | |||||
| Assigned To | alostale | |||||||
| Priority | urgent | Resolution | fixed | Fixed in Version | 2.40MP10 | |||
| Status | closed | Fix in branch | 2.40 | Fixed in SCM revision | f09cdd911784 | |||
| Projection | none | ETA | none | Target Version | ||||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | 2.40MP8 | SCM revision | ||||||
| Review Assigned To | ||||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0010659: Adding a new organization adds org access to manual roles | |||||||
| Description | Adding a new organization adds org access to manual roles. This poses a security risk as the access control settings are modifid automatically where they should not be modified. | |||||||
| Steps To Reproduce | 1. Have an role with ismanula setting active. 2. Add a new organization 3. Relogin 4. See the "Org Access" tab of the manual role | |||||||
| Proposed Solution | See the attached patch. | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
||||||||
|
||||||||
 Relationships |
|
Notes |
|
|
(0020649) hgbot (developer) 2009-10-02 08:50 |
Repository: erp/stable/2.40 Changeset: f09cdd91178477ccedef0127213ea2146065b963 Author: Asier Lostalé <asier.lostale <at> openbravo.com> Date: Fri Oct 02 08:47:52 2009 +0200 URL: http://code.openbravo.com/erp/stable/2.40/rev/f09cdd91178477ccedef0127213ea2146065b963 [^] fixed bug 0010659: Adding a new organization adds org access to manual roles --- M src-db/database/model/triggers/AD_ORG_TRG.xml --- |
|
(0020981) sureshbabu (reporter) 2009-10-13 12:11 |
Tested working fine, organization not added to the org access to manual roles |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2009-09-18 14:08 | rafaroda | Type | defect => backport |
| 2009-09-18 14:08 | rafaroda | fix_in_branch | => 2.40 |
| 2009-10-02 08:50 | hgbot | Checkin | |
| 2009-10-02 08:50 | hgbot | Note Added: 0020649 | |
| 2009-10-02 08:50 | hgbot | Status | scheduled => resolved |
| 2009-10-02 08:50 | hgbot | Resolution | open => fixed |
| 2009-10-02 08:50 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/stable/2.40/rev/f09cdd91178477ccedef0127213ea2146065b963 [^] |
| 2009-10-13 12:11 | sureshbabu | Status | resolved => closed |
| 2009-10-13 12:11 | sureshbabu | Note Added: 0020981 | |
| 2009-10-13 12:11 | sureshbabu | Fixed in Version | => 2.40MP10 |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |