0011269: Info button gives security exception

Description

When you click the info button then a security exception is shown, when you are not in the system admin role. See this stack trace:
… 11:01:28 [http-8888-4] ERROR org.openbravo.base.exception.OBSecurityException - Entity ADSystem is not readable by the user 100
org.openbravo.base.exception.OBSecurityException: Entity ADSystem is not readable by the user 100
        at org.openbravo.dal.security.EntityAccessChecker.checkReadable(EntityAccessChecker.java:284)
        at org.openbravo.dal.service.OBDal.checkReadAccess(OBDal.java:400)
        at org.openbravo.dal.service.OBDal.checkReadAccess(OBDal.java:390)
        at org.openbravo.dal.service.OBDal.get(OBDal.java:158)
        at org.openbravo.erpCommon.obps.ActivationKey.<init>(ActivationKey.java:70)
        at org.openbravo.erpCommon.ad_forms.About.printPageDataSheet(About.java:54)
        at org.openbravo.erpCommon.ad_forms.About.doPost(About.java:43)
        at org.openbravo.base.HttpBaseServlet.doGet(HttpBaseServlet.java:286)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
        at org.openbravo.base.HttpBaseServlet.serviceInitialized(HttpBaseServlet.java:224)
        at org.openbravo.base.secureApp.HttpSecureAppServlet.service(HttpSecureAppServlet.java:327)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:270)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:191)
        at org.openbravo.utils.SessionExpirationFilter.doFilter(SessionExpirationFilter.java:66)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:220)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:191)
        at org.openbravo.utils.CharsetFilter.doFilter(CharsetFilter.java:35)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:220)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:191)
        at org.openbravo.dal.core.DalRequestFilter$1.doAction(DalRequestFilter.java:79)
        at org.openbravo.dal.core.ThreadHandler.run(ThreadHandler.java:46)
        at org.openbravo.dal.core.DalRequestFilter.doFilter(DalRequestFilter.java:85)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:220)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:191)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:227)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:211)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:817)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:623)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:444)
        at java.lang.Thread.run(Thread.java:619)

Proposed Solution

surround the call to reading system info in a so-called admin block

Tags

No tags attached.

Attached Files

Relationships [ Relation Graph ] [ Dependency Graph ]

duplicate of

defect

0010343

2.50MP4

closed

shuehner

An error is displayed when accessing Info window with an user different from System Administrator

Notes
(0021633) mtaal (manager) 2009-11-09 09:40	This happens when the user has a role which does not allow read access to AD_System. The fix is done by reading the AD_System information in admin mode. I tried but I don't the current sample data roles have this. A fix will be committed/pushed in half an hour or so. gr. Martin

(0021634) hgbot (developer) 2009-11-09 09:47	Repository: erp/devel/pi Changeset: e22386187a2ed07cce31a104481cd16f6b80b24d Author: Martin Taal <martin.taal <at> openbravo.com> Date: Mon Nov 09 09:46:16 2009 +0100 URL: http://code.openbravo.com/erp/devel/pi/rev/e22386187a2ed07cce31a104481cd16f6b80b24d [^] fixes issue 11269: Info button gives security exception --- M src/org/openbravo/erpCommon/obps/ActivationKey.java ---

(0021640) mtaal (manager) 2009-11-09 11:07	Re-opening it as this was already resolved in another issue. gr. Martin

(0021641) mtaal (manager) 2009-11-09 11:09	Duplicate of already solved issue

Issue History
Date Modified	Username	Field	Change
2009-11-06 13:35	mtaal	New Issue
2009-11-06 13:35	mtaal	Assigned To	=> mtaal
2009-11-06 13:38	networkb	Priority	normal => immediate
2009-11-06 13:38	networkb	Target Version	2.50MP9 => 2.50MP10
2009-11-09 09:40	mtaal	Note Added: 0021633
2009-11-09 09:47	hgbot	Checkin
2009-11-09 09:47	hgbot	Note Added: 0021634
2009-11-09 09:47	hgbot	Status	new => resolved
2009-11-09 09:47	hgbot	Resolution	open => fixed
2009-11-09 09:47	hgbot	Fixed in SCM revision	=> http://code.openbravo.com/erp/devel/pi/rev/e22386187a2ed07cce31a104481cd16f6b80b24d [^]
2009-11-09 11:07	mtaal	Status	resolved => new
2009-11-09 11:07	mtaal	Resolution	fixed => open
2009-11-09 11:07	mtaal	Note Added: 0021640
2009-11-09 11:07	mtaal	Status	new => acknowledged
2009-11-09 11:07	mtaal	Resolution	open => duplicate
2009-11-09 11:08	mtaal	Status	acknowledged => scheduled
2009-11-09 11:09	mtaal	Relationship added	duplicate of 0010343
2009-11-09 11:09	mtaal	Status	scheduled => closed
2009-11-09 11:09	mtaal	Note Added: 0021641
2009-11-09 11:09	mtaal	Duplicate ID	0 => 10343
2009-11-10 00:00	anonymous	sf_bug_id	0 => 2894889