Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0011239 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| defect | [Openbravo ERP] C. Security | major | always | 2009-11-04 12:40 | 2010-04-14 16:28 | |||
| Reporter | networkb | View Status | public | |||||
| Assigned To | marvintm | |||||||
| Priority | urgent | Resolution | fixed | Fixed in Version | ||||
| Status | closed | Fix in branch | Fixed in SCM revision | dcf41c424653 | ||||
| Projection | none | ETA | none | Target Version | 2.50MP9 | |||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | 2.50MP6 | SCM revision | ||||||
| Review Assigned To | ||||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0011239: The images on a field filled by a user can not be seen by other user with other role with access to the window | |||||||
| Description | The images on a field filled by a user can not be seen by other user with other role with access to the window | |||||||
| Steps To Reproduce | -Create a new column in a table, with type character varying 32 -Create e new column in the application dictionary for the column created. Reference Image BLOB -Create a new field for the column -Compile the application -Access to the window with user Openbravo and role Openbravo admin -Fill the image -Create a new role with access to the window where the new field was created -Create a new user for this role -Logout and login with the new user -Go to the window and see that the image can not be seen with this user. | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
||||||||
|
||||||||
 Relationships |
|
Notes |
|
|
(0021579) rafaroda (developer) 2009-11-05 08:20 |
The issue does reproduce also with these steps: 1) Create an image field in the business partner window http://wiki.openbravo.com/wiki/Projects/Image_Reference_BLOB#Add_Image_Reference_BLOB_field_to_an_existing_window [^] 2) Log as Openbravo with role Openbravo Admin and add an image to the business partner window. 3) Create a new role which has access to business partner window (if you use an already existing role the issue does not reproduce) and give it an organization. 4) Create a new user and assign it this newly created role. 5) Log in with this new user and look for the previous business partner record. You can not see the image. If the user created was given Openbravo Admin role he could see the image. |
|
(0021951) hgbot (developer) 2009-11-18 10:02 |
Repository: erp/devel/pi Changeset: dcf41c4246535e1d7ee29e238a30d79501066811 Author: Antonio Moreno <antonio.moreno <at> openbravo.com> Date: Wed Nov 18 10:01:49 2009 +0100 URL: http://code.openbravo.com/erp/devel/pi/rev/dcf41c4246535e1d7ee29e238a30d79501066811 [^] Fixed issue 11239. Fixed issue 11241. --- M src-wad/src/org/openbravo/wad/controls/WADImageBLOB.java M src/org/openbravo/erpCommon/info/ImageInfoBLOB.html M src/org/openbravo/erpCommon/info/ImageInfoBLOB.java M src/org/openbravo/erpCommon/info/ImageInfoBLOB.xml M src/org/openbravo/erpCommon/utility/ShowImage.java --- |
|
(0026193) rafaroda (developer) 2010-04-14 16:28 edited on: 2010-04-14 16:30 |
Issue was also reproducing with these steps: BLOB image field only works if you have access to the Application Image window. 1) Add a VARCHAR(32) column to C_BPARTNER table http://wiki.openbravo.com/wiki/Projects/Image_Reference_BLOB#Add_Image_Reference_BLOB_field_to_an_existing_window [^] 2) Add the column to the table in the Application Dictionary and then add the field to the Business Partner tab. 3) Compile the Business Partner window 4) Access the Business Partner window with a role which has NOT access to the Application Image window. 5) Try to add an image. Error message displays: Error org.openbravo.base.exception.OBSecurityException: Entity ADImage is not directly readable, only id and identifier properties are readable, property ADImage.bindaryData is neither of these. 6) Give this role access to the Application Image window. 7) Go back to Business Partner window and add an image: OK 8) Remove again for this role the access to Application Image window. 9) Go back to the Business Partner window and select the former record: you are not able to see the image you just added. |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2009-11-04 12:40 | networkb | New Issue | |
| 2009-11-04 12:40 | networkb | Assigned To | => rafaroda |
| 2009-11-05 08:15 | rafaroda | Relationship added | related to 0011241 |
| 2009-11-05 08:20 | rafaroda | Note Added: 0021579 | |
| 2009-11-05 08:20 | rafaroda | Assigned To | rafaroda => alostale |
| 2009-11-05 08:20 | rafaroda | Priority | immediate => urgent |
| 2009-11-05 08:20 | rafaroda | Status | new => scheduled |
| 2009-11-05 08:20 | rafaroda | Category | B. User interface => C. Security |
| 2009-11-12 10:55 | alostale | Assigned To | alostale => marvintm |
| 2009-11-18 10:02 | hgbot | Checkin | |
| 2009-11-18 10:02 | hgbot | Note Added: 0021951 | |
| 2009-11-18 10:02 | hgbot | Status | scheduled => resolved |
| 2009-11-18 10:02 | hgbot | Resolution | open => fixed |
| 2009-11-18 10:02 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/dcf41c4246535e1d7ee29e238a30d79501066811 [^] |
| 2009-11-18 15:54 | alostale | Status | resolved => closed |
| 2009-11-19 00:00 | anonymous | sf_bug_id | 0 => 2900158 |
| 2010-04-14 16:28 | rafaroda | Note Added: 0026193 | |
| 2010-04-14 16:28 | rafaroda | Note Edited: 0026193 | View Revisions |
| 2010-04-14 16:30 | rafaroda | Note Edited: 0026193 | View Revisions |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |