Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0011269
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Openbravo ERP] 01. General setupminoralways2009-11-06 13:352009-11-10 00:00
ReportermtaalView Statuspublic 
Assigned Tomtaal 
PriorityimmediateResolutionduplicateFixed in Version
StatusclosedFix in branchFixed in SCM revisione22386187a2e
ProjectionnoneETAnoneTarget Version2.50MP10
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionpiSCM revision 
Review Assigned To
Web browser
ModulesCore
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0011269: Info button gives security exception

DescriptionWhen you click the info button then a security exception is shown, when you are not in the system admin role. See this stack trace:
… 11:01:28 [http-8888-4] ERROR org.openbravo.base.exception.OBSecurityException - Entity ADSystem is not readable by the user 100
org.openbravo.base.exception.OBSecurityException: Entity ADSystem is not readable by the user 100
        at org.openbravo.dal.security.EntityAccessChecker.checkReadable(EntityAccessChecker.java:284)
        at org.openbravo.dal.service.OBDal.checkReadAccess(OBDal.java:400)
        at org.openbravo.dal.service.OBDal.checkReadAccess(OBDal.java:390)
        at org.openbravo.dal.service.OBDal.get(OBDal.java:158)
        at org.openbravo.erpCommon.obps.ActivationKey.<init>(ActivationKey.java:70)
        at org.openbravo.erpCommon.ad_forms.About.printPageDataSheet(About.java:54)
        at org.openbravo.erpCommon.ad_forms.About.doPost(About.java:43)
        at org.openbravo.base.HttpBaseServlet.doGet(HttpBaseServlet.java:286)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
        at org.openbravo.base.HttpBaseServlet.serviceInitialized(HttpBaseServlet.java:224)
        at org.openbravo.base.secureApp.HttpSecureAppServlet.service(HttpSecureAppServlet.java:327)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:270)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:191)
        at org.openbravo.utils.SessionExpirationFilter.doFilter(SessionExpirationFilter.java:66)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:220)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:191)
        at org.openbravo.utils.CharsetFilter.doFilter(CharsetFilter.java:35)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:220)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:191)
        at org.openbravo.dal.core.DalRequestFilter$1.doAction(DalRequestFilter.java:79)
        at org.openbravo.dal.core.ThreadHandler.run(ThreadHandler.java:46)
        at org.openbravo.dal.core.DalRequestFilter.doFilter(DalRequestFilter.java:85)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:220)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:191)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:227)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:211)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:817)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:623)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:444)
        at java.lang.Thread.run(Thread.java:619)
Proposed Solutionsurround the call to reading system info in a so-called admin block
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]
duplicate of defect 00103432.50MP4 closedshuehner An error is displayed when accessing Info window with an user different from System Administrator 

-  Notes
(0021633)
mtaal (manager)
2009-11-09 09:40

This happens when the user has a role which does not allow read access to AD_System. The fix is done by reading the AD_System information in admin mode.
I tried but I don't the current sample data roles have this.

A fix will be committed/pushed in half an hour or so.

gr. Martin
(0021634)
hgbot (developer)
2009-11-09 09:47

Repository: erp/devel/pi
Changeset: e22386187a2ed07cce31a104481cd16f6b80b24d
Author: Martin Taal <martin.taal <at> openbravo.com>
Date: Mon Nov 09 09:46:16 2009 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/e22386187a2ed07cce31a104481cd16f6b80b24d [^]

fixes issue 11269: Info button gives security exception

---
M src/org/openbravo/erpCommon/obps/ActivationKey.java
---
(0021640)
mtaal (manager)
2009-11-09 11:07

Re-opening it as this was already resolved in another issue.

gr. Martin
(0021641)
mtaal (manager)
2009-11-09 11:09

Duplicate of already solved issue

- Issue History
Date Modified Username Field Change
2009-11-06 13:35 mtaal New Issue
2009-11-06 13:35 mtaal Assigned To => mtaal
2009-11-06 13:38 networkb Priority normal => immediate
2009-11-06 13:38 networkb Target Version 2.50MP9 => 2.50MP10
2009-11-09 09:40 mtaal Note Added: 0021633
2009-11-09 09:47 hgbot Checkin
2009-11-09 09:47 hgbot Note Added: 0021634
2009-11-09 09:47 hgbot Status new => resolved
2009-11-09 09:47 hgbot Resolution open => fixed
2009-11-09 09:47 hgbot Fixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/e22386187a2ed07cce31a104481cd16f6b80b24d [^]
2009-11-09 11:07 mtaal Status resolved => new
2009-11-09 11:07 mtaal Resolution fixed => open
2009-11-09 11:07 mtaal Note Added: 0021640
2009-11-09 11:07 mtaal Status new => acknowledged
2009-11-09 11:07 mtaal Resolution open => duplicate
2009-11-09 11:08 mtaal Status acknowledged => scheduled
2009-11-09 11:09 mtaal Relationship added duplicate of 0010343
2009-11-09 11:09 mtaal Status scheduled => closed
2009-11-09 11:09 mtaal Note Added: 0021641
2009-11-09 11:09 mtaal Duplicate ID 0 => 10343
2009-11-10 00:00 anonymous sf_bug_id 0 => 2894889


Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker