Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0014677 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| defect | [Openbravo ERP] A. Platform | major | have not tried | 2010-09-23 15:05 | 2010-10-16 00:00 | |||
| Reporter | plujan | View Status | public | |||||
| Assigned To | alostale | |||||||
| Priority | urgent | Resolution | fixed | Fixed in Version | ||||
| Status | closed | Fix in branch | Fixed in SCM revision | 09be3c03a880 | ||||
| Projection | none | ETA | none | Target Version | 2.50MP23 | |||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | main | SCM revision | ||||||
| Review Assigned To | ||||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0014677: DE008 It is possible to bypass the security check and use an expired commercial module | |||||||
| Description | It is possible to bypass the security check and use an expired commercial module | |||||||
| Steps To Reproduce | 1. Use an instance with an active subscription. IDL module is installed, but the subscription for IDL has expired yesterday. 2. Login with "userA" a non SysAdmin user. You will receive the expected message. It is not possible to log in. 3. Login with "QA" a SysAdmin user. You will receive the expected message, and you are allowed to continue. 4. Go to Module Management window. Select IDL module and disable it. 5. Open a new browser. Log in with userA. Now there is no message and you can log in. 6. Check that IDL menu entry is not there (since it is disabled) 7. In the QA session (the browser used to disable), enable IDL 8. Refresh userA browser using F5. Now IDL menu entry is there and you are able to open the window and use IDL as usual. | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
|
 Relationships |
|
Notes |
|
|
(0031521) alostale (manager) 2010-09-30 15:03 |
The problem is in step 4: it should not be allowed to enable again disabled commercial modules which license has expired. |
|
(0031522) hgbot (developer) 2010-09-30 15:05 |
Repository: erp/devel/pi Changeset: 09be3c03a880475617c4537a10e653945a716b1f Author: Asier Lostalé <asier.lostale <at> openbravo.com> Date: Thu Sep 30 15:04:49 2010 +0200 URL: http://code.openbravo.com/erp/devel/pi/rev/09be3c03a880475617c4537a10e653945a716b1f [^] fixed issue 14677: It is possible to use an expired commercial module Disabled commercial modules which license has expired are not allowed to be enabled again. --- M src/org/openbravo/erpCommon/ad_forms/ModuleManagement.java M src/org/openbravo/erpCommon/obps/ActivationKey.java --- |
|
(0031710) hudsonbot (developer) 2010-10-08 20:59 |
A changeset related to this issue has been promoted to main after passing a series of tests and an OBX has been generated: Changeset: http://code.openbravo.com/erp/devel/main/rev/09be3c03a880 [^] Merge Changeset: http://code.openbravo.com/erp/devel/main/rev/f476e192559f [^] Tests: http://builds.openbravo.com/view/int/ [^] OBX: http://builds.openbravo.com/erp/core/obx/OpenbravoERP-2.50CI.18505.obx [^] |
|
(0031882) marvintm (developer) 2010-10-15 16:12 |
Verified that you cannot enable a disabled module you don't have rights to in your license. Also, verified that if you later get the rights to the module and update the license, you can enable the module again. |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2010-09-23 15:05 | plujan | New Issue | |
| 2010-09-23 15:05 | plujan | Assigned To | => alostale |
| 2010-09-27 08:59 | alostale | Status | new => scheduled |
| 2010-09-30 15:03 | alostale | Note Added: 0031521 | |
| 2010-09-30 15:05 | hgbot | Checkin | |
| 2010-09-30 15:05 | hgbot | Note Added: 0031522 | |
| 2010-09-30 15:05 | hgbot | Status | scheduled => resolved |
| 2010-09-30 15:05 | hgbot | Resolution | open => fixed |
| 2010-09-30 15:05 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/09be3c03a880475617c4537a10e653945a716b1f [^] |
| 2010-10-08 20:59 | hudsonbot | Checkin | |
| 2010-10-08 20:59 | hudsonbot | Note Added: 0031710 | |
| 2010-10-15 16:12 | marvintm | Note Added: 0031882 | |
| 2010-10-15 16:12 | marvintm | Status | resolved => closed |
| 2010-10-16 00:00 | anonymous | sf_bug_id | 0 => 3088372 |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |