Anonymous | Login
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Openbravo ERP] C. Securitymajoralways2009-11-04 12:402010-04-14 16:28
ReporternetworkbView Statuspublic 
Assigned Tomarvintm 
PriorityurgentResolutionfixedFixed in Version
StatusclosedFix in branchFixed in SCM revisiondcf41c424653
ProjectionnoneETAnoneTarget Version2.50MP9
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product Version2.50MP6SCM revision 
Review Assigned To
Web browser
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo

0011239: The images on a field filled by a user can not be seen by other user with other role with access to the window

DescriptionThe images on a field filled by a user can not be seen by other user with other role with access to the window
Steps To Reproduce-Create a new column in a table, with type character varying 32
-Create e new column in the application dictionary for the column created. Reference Image BLOB
-Create a new field for the column
-Compile the application
-Access to the window with user Openbravo and role Openbravo admin
-Fill the image
-Create a new role with access to the window where the new field was created
-Create a new user for this role
-Logout and login with the new user
-Go to the window and see that the image can not be seen with this user.
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]
related to defect 00112412.50MP9 closedmarvintm The image selector when filling and image field the first time is not the correct 

-  Notes
rafaroda (developer)
2009-11-05 08:20

The issue does reproduce also with these steps:
1) Create an image field in the business partner window [^]
2) Log as Openbravo with role Openbravo Admin and add an image to the business partner window.
3) Create a new role which has access to business partner window (if you use an already existing role the issue does not reproduce) and give it an organization.
4) Create a new user and assign it this newly created role.
5) Log in with this new user and look for the previous business partner record.

You can not see the image. If the user created was given Openbravo Admin role he could see the image.
hgbot (developer)
2009-11-18 10:02

Repository: erp/devel/pi
Changeset: dcf41c4246535e1d7ee29e238a30d79501066811
Author: Antonio Moreno <antonio.moreno <at>>
Date: Wed Nov 18 10:01:49 2009 +0100
URL: [^]

Fixed issue 11239. Fixed issue 11241.

M src-wad/src/org/openbravo/wad/controls/
M src/org/openbravo/erpCommon/info/ImageInfoBLOB.html
M src/org/openbravo/erpCommon/info/
M src/org/openbravo/erpCommon/info/ImageInfoBLOB.xml
M src/org/openbravo/erpCommon/utility/
rafaroda (developer)
2010-04-14 16:28
edited on: 2010-04-14 16:30

Issue was also reproducing with these steps: BLOB image field only works if you have access to the Application Image window.

1) Add a VARCHAR(32) column to C_BPARTNER table [^]
2) Add the column to the table in the Application Dictionary and then add the field
to the Business Partner tab.
3) Compile the Business Partner window
4) Access the Business Partner window with a role which has NOT access to the
Application Image window.
5) Try to add an image.

Error message displays: Error
org.openbravo.base.exception.OBSecurityException: Entity ADImage is not directly
readable, only id and identifier properties are readable, property
ADImage.bindaryData is neither of these.

6) Give this role access to the Application Image window.
7) Go back to Business Partner window and add an image: OK
8) Remove again for this role the access to Application Image window.
9) Go back to the Business Partner window and select the former record: you are not
able to see the image you just added.

- Issue History
Date Modified Username Field Change
2009-11-04 12:40 networkb New Issue
2009-11-04 12:40 networkb Assigned To => rafaroda
2009-11-05 08:15 rafaroda Relationship added related to 0011241
2009-11-05 08:20 rafaroda Note Added: 0021579
2009-11-05 08:20 rafaroda Assigned To rafaroda => alostale
2009-11-05 08:20 rafaroda Priority immediate => urgent
2009-11-05 08:20 rafaroda Status new => scheduled
2009-11-05 08:20 rafaroda Category B. User interface => C. Security
2009-11-12 10:55 alostale Assigned To alostale => marvintm
2009-11-18 10:02 hgbot Checkin
2009-11-18 10:02 hgbot Note Added: 0021951
2009-11-18 10:02 hgbot Status scheduled => resolved
2009-11-18 10:02 hgbot Resolution open => fixed
2009-11-18 10:02 hgbot Fixed in SCM revision => [^]
2009-11-18 15:54 alostale Status resolved => closed
2009-11-19 00:00 anonymous sf_bug_id 0 => 2900158
2010-04-14 16:28 rafaroda Note Added: 0026193
2010-04-14 16:28 rafaroda Note Edited: 0026193 View Revisions
2010-04-14 16:30 rafaroda Note Edited: 0026193 View Revisions

Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker