|View Issue Details|
|Type||Category||Severity||Reproducibility||Date Submitted||Last Update|
|defect||[Openbravo ERP] C. Security||major||always||2009-11-04 12:40||2010-04-14 16:28|
|Priority||urgent||Resolution||fixed||Fixed in Version|
|Status||closed||Fix in branch||Fixed in SCM revision||dcf41c424653|
|OS Version||Database version||Ant version|
|Product Version||2.50MP6||SCM revision|
|Review Assigned To|
|Regression introduced in release|
|Regression introduced by commit|
|Triggers an Emergency Pack||No|
0011239: The images on a field filled by a user can not be seen by other user with other role with access to the window
|Description||The images on a field filled by a user can not be seen by other user with other role with access to the window|
|Steps To Reproduce||-Create a new column in a table, with type character varying 32|
-Create e new column in the application dictionary for the column created. Reference Image BLOB
-Create a new field for the column
-Compile the application
-Access to the window with user Openbravo and role Openbravo admin
-Fill the image
-Create a new role with access to the window where the new field was created
-Create a new user for this role
-Logout and login with the new user
-Go to the window and see that the image can not be seen with this user.
|Tags||No tags attached.|
The issue does reproduce also with these steps:
1) Create an image field in the business partner window http://wiki.openbravo.com/wiki/Projects/Image_Reference_BLOB#Add_Image_Reference_BLOB_field_to_an_existing_window [^]
2) Log as Openbravo with role Openbravo Admin and add an image to the business partner window.
3) Create a new role which has access to business partner window (if you use an already existing role the issue does not reproduce) and give it an organization.
4) Create a new user and assign it this newly created role.
5) Log in with this new user and look for the previous business partner record.
You can not see the image. If the user created was given Openbravo Admin role he could see the image.
Author: Antonio Moreno <antonio.moreno <at> openbravo.com>
Date: Wed Nov 18 10:01:49 2009 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/dcf41c4246535e1d7ee29e238a30d79501066811 [^]
Fixed issue 11239. Fixed issue 11241.
edited on: 2010-04-14 16:30
Issue was also reproducing with these steps: BLOB image field only works if you have access to the Application Image window.
1) Add a VARCHAR(32) column to C_BPARTNER table
2) Add the column to the table in the Application Dictionary and then add the field
to the Business Partner tab.
3) Compile the Business Partner window
4) Access the Business Partner window with a role which has NOT access to the
Application Image window.
5) Try to add an image.
Error message displays: Error
org.openbravo.base.exception.OBSecurityException: Entity ADImage is not directly
readable, only id and identifier properties are readable, property
ADImage.bindaryData is neither of these.
6) Give this role access to the Application Image window.
7) Go back to Business Partner window and add an image: OK
8) Remove again for this role the access to Application Image window.
9) Go back to the Business Partner window and select the former record: you are not
able to see the image you just added.
|2009-11-04 12:40||networkb||New Issue|
|2009-11-04 12:40||networkb||Assigned To||=> rafaroda|
|2009-11-05 08:15||rafaroda||Relationship added||related to 0011241|
|2009-11-05 08:20||rafaroda||Note Added: 0021579|
|2009-11-05 08:20||rafaroda||Assigned To||rafaroda => alostale|
|2009-11-05 08:20||rafaroda||Priority||immediate => urgent|
|2009-11-05 08:20||rafaroda||Status||new => scheduled|
|2009-11-05 08:20||rafaroda||Category||B. User interface => C. Security|
|2009-11-12 10:55||alostale||Assigned To||alostale => marvintm|
|2009-11-18 10:02||hgbot||Note Added: 0021951|
|2009-11-18 10:02||hgbot||Status||scheduled => resolved|
|2009-11-18 10:02||hgbot||Resolution||open => fixed|
|2009-11-18 10:02||hgbot||Fixed in SCM revision||=> http://code.openbravo.com/erp/devel/pi/rev/dcf41c4246535e1d7ee29e238a30d79501066811 [^]|
|2009-11-18 15:54||alostale||Status||resolved => closed|
|2009-11-19 00:00||anonymous||sf_bug_id||0 => 2900158|
|2010-04-14 16:28||rafaroda||Note Added: 0026193|
|2010-04-14 16:28||rafaroda||Note Edited: 0026193||View Revisions|
|2010-04-14 16:30||rafaroda||Note Edited: 0026193||View Revisions|
|Copyright © 2000 - 2009 MantisBT Group|