Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0011387 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| defect | [Openbravo ERP] 00. Application dictionary | minor | have not tried | 2009-11-17 12:49 | 2009-11-20 00:00 | |||
| Reporter | mtaal | View Status | public | |||||
| Assigned To | mtaal | |||||||
| Priority | normal | Resolution | fixed | Fixed in Version | ||||
| Status | closed | Fix in branch | Fixed in SCM revision | d6e8a0f9dc7f | ||||
| Projection | none | ETA | none | Target Version | 2.50MP9 | |||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | pi | SCM revision | ||||||
| Review Assigned To | ||||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0011387: Enable isInAdministratorMode() also in case of user "0" independent of its role | |||||||
| Description | Currently the OBContext.isInAdministratorMode() returns true if the role is the "0" role or if admin mode is set explicitly. It should also return true if the current user id == "0" | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
|
 Relationships |
|
Notes |
|
|
(0021968) hgbot (developer) 2009-11-18 14:17 |
Repository: erp/devel/pi Changeset: d6e8a0f9dc7fe347ecc8012e95714d8987a4b1d0 Author: Martin Taal <martin.taal <at> openbravo.com> Date: Wed Nov 18 14:17:21 2009 +0100 URL: http://code.openbravo.com/erp/devel/pi/rev/d6e8a0f9dc7fe347ecc8012e95714d8987a4b1d0 [^] fixes issue 11387: Enable isInAdministratorMode() also in case of user \"0\" independent of its role --- M build.xml M src-db/database/build.xml M src/build.xml M src/org/openbravo/dal/core/DalInitializingTask.java M src/org/openbravo/dal/core/OBContext.java --- |
|
(0021969) mtaal (manager) 2009-11-18 14:22 |
Added these comments from an email conversation, the solution has been done as discussed here: Hi Ismael, Hmm, currently admin mode is just setting a flag which disables security checks. It keeps the current user context as it can make sense to still know who made the changes also for other things it can make sense to keep the context as it is (and just disable security) like the client and organization. Let me know if that's fine to (or not ofcourse :-) . I agree that instead of using user="0" the ant tasks should set admincontext, so that part is clear. And it should solve the issue also (so then there is no need to change the admin mode behavior). gr. Martin Ismael Ciordia, Openbravo wrote: > > Martin, > > > > imo setAdminMode should set user=0, role=0 in the context and ignore if user > > 0 is granted to use role 0. Then ant tasks and other "admin" actions should > > use setAdminMode. > > > > I think that privileges should only depend on the role in the context, and > > adminMode should not be an exception. > > > > Ismael > > > > -----Mensaje original----- > > De: team.platform-bounces@openbravo.com > > [mailto:team.platform-bounces@openbravo.com]En nombre de Martin Taal > > Enviado el: martes, 17 de noviembre de 2009 13:04 > > Para: team.platform@openbravo.com > > Asunto: [team.platform] User "0" as admin user (in addition to role "0") > > > > > > Hi, > > The DAL assumes that the role with id "0" is the admin role and will not > > perform security checks if the user has this role. However, there are > > some cases in the system where the "0" user is used directly. For > > example certain ant tasks. This is done with the assumption that the > > user "0" will have the "0" role as the default role. > > > > There are however sometimes customers who (accidentally) change the > > default role of the "0" user. This results in failing ant tasks as the > > "0" user then does not have enough authorizations. > > > > So the proposal is to extend the admin mode meaning to: > > user == "0" || role == "0" --> adminMode > > > > Let me know if you have any comments/remarks about this. > > > > If I hear no comments then I will do this (small) change late wednesday > > or thursday. |
|
(0022032) shuehner (administrator) 2009-11-19 17:07 |
Tested working fine. Testcase: changing default_role_id for aD_user_id=0 to a non system administrator role. Without the fix from this issue applied export.database then fails with 'Entity Dataset is not readable by the user 0' . With the change applied the export.database completes without the error. |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2009-11-17 12:49 | mtaal | New Issue | |
| 2009-11-17 12:49 | mtaal | Assigned To | => mtaal |
| 2009-11-18 14:17 | hgbot | Checkin | |
| 2009-11-18 14:17 | hgbot | Note Added: 0021968 | |
| 2009-11-18 14:17 | hgbot | Status | new => resolved |
| 2009-11-18 14:17 | hgbot | Resolution | open => fixed |
| 2009-11-18 14:17 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/d6e8a0f9dc7fe347ecc8012e95714d8987a4b1d0 [^] |
| 2009-11-18 14:22 | mtaal | Note Added: 0021969 | |
| 2009-11-19 17:07 | shuehner | Note Added: 0022032 | |
| 2009-11-19 17:07 | shuehner | Status | resolved => closed |
| 2009-11-20 00:00 | anonymous | sf_bug_id | 0 => 2900821 |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |