ID: 0014697
Type: defect
Category: [Openbravo ERP] Z. Others
Severity: major
Reproducibility: always
Date Submitted: 2010-09-24 13:22
Last Update: 2010-12-16 22:16
Reporter: rafaroda
View Status: public
Assigned To: mtaal
Priority: high
Resolution: fixed
Status: closed
Fixed in SCM revision: d5bd1147245d
Projection: none
ETA: none
OS: Linux 32 bit
OS Version: Community Appliance
Database: PostgreSQL
Database version: 8.3.9
Java version: 1.6.0_18
Ant version: 1.7.1
Product Version: 2.50
Modules: JSON REST Webservice
Triggers an Emergency Pack: No

Summary

0014697: Entity EVEBUCO_FUNCCLASS is not directly readable

Description

When accessing a selector defined as you can see in SelectorDefinition.png and trying to select a value from it with a user who cannot read the EVEBUCO_FUNCCLASS class, you get the following error.

12:50:45 [http-8585-4] ERROR org.openbravo.base.exception.OBSecurityException - Entity EVEBUCO_FUNCCLASS is not directly readable, only id and identifier properties are readable, property EVEBUCO_FUNCCLASS.description is neither of these.
org.openbravo.base.exception.OBSecurityException: Entity EVEBUCO_FUNCCLASS is not directly readable, only id and identifier properties are readable, property EVEBUCO_FUNCCLASS.description is neither of these.
    at org.openbravo.base.structure.BaseOBObject.checkDerivedReadable(BaseOBObject.java:172)
    at org.openbravo.base.structure.BaseOBObject.get(BaseOBObject.java:140)
    at org.openbravo.service.json.DataToJsonConverter.toJsonObject(DataToJsonConverter.java:134)
    at org.openbravo.service.json.DataToJsonConverter.toJsonObjects(DataToJsonConverter.java:100)
    at org.openbravo.service.json.DefaultJsonDataService.fetch(DefaultJsonDataService.java:125)
    at org.openbravo.service.datasource.DefaultDataSourceService.fetch(DefaultDataSourceService.java:63)
    at org.openbravo.service.datasource.DataSourceServlet.doFetch(DataSourceServlet.java:144)
    at org.openbravo.service.datasource.DataSourceServlet.doPost(DataSourceServlet.java:154)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
    at org.openbravo.base.HttpBaseServlet.serviceInitialized(HttpBaseServlet.java:225)
    at org.openbravo.base.secureApp.HttpSecureAppServlet.service(HttpSecureAppServlet.java:434)
    at org.openbravo.client.kernel.BaseKernelServlet.callServiceInSuper(BaseKernelServlet.java:91)
    at org.openbravo.client.kernel.BaseKernelServlet$1.process(BaseKernelServlet.java:65)
    at org.jboss.seam.servlet.ContextualHttpServletRequest.run(ContextualHttpServletRequest.java:53)
    at org.openbravo.client.kernel.BaseKernelServlet.service(BaseKernelServlet.java:67)
    at org.openbravo.service.datasource.DataSourceServlet.service(DataSourceServlet.java:75)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.openbravo.utils.SessionExpirationFilter.doFilter(SessionExpirationFilter.java:66)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.openbravo.utils.CharsetFilter.doFilter(CharsetFilter.java:35)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.openbravo.dal.core.DalRequestFilter$1.doAction(DalRequestFilter.java:81)
    at org.openbravo.dal.core.ThreadHandler.run(ThreadHandler.java:46)
    at org.openbravo.dal.core.DalRequestFilter.doFilter(DalRequestFilter.java:103)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
    at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:859)
    at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:579)
    at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1555)
    at java.lang.Thread.run(Thread.java:636)

Steps To Reproduce

I'm using a selector with a user who does not have access to the window (which is built on top of the EVEBUCO_FUNCCLASS table) related to the selector, and I get the error: Entity EVEBUCO_FUNCCLASS is not directly readable, only id and identifier properties are readable, property EVEBUCO_FUNCCLASS.description is neither of these (see SelectorError.png).

In the EVEBUCO_FUNCCLASS table I only defined search key and name as identifiers. I defined the selector as you can see in SelectorDefinition.png.

Tags

No tags attached.

Attached Files

SelectorDefinition.png (66,404 bytes) 2010-09-24 13:22
SelectorError.png (89,038 bytes) 2010-09-24 13:22

Relationships

related to: defect 0015387 (closed, gorkaion): DataToJsonConverter check (for access) selector fields which are defined but marked as isactive ='N'
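
The rule quoted in the error message above (for an entity that is not directly readable, only id and identifier properties may be read) can be modelled as follows. This is an added Java example, not Openbravo code and not the code of the fixing changeset; the `Row` class, the `Access` levels, both converter methods and the sample values are hypothetical.

```java
import java.util.*;

public class DerivedReadDemo {
    enum Access { FULL, DERIVED, NONE }
    // Hypothetical stand-in for a data-layer object; not Openbravo's BaseOBObject.
    static class Row {
        final String entity;
        final Access access;              // what the current role may do with this entity
        final Set<String> identifierProps;
        final Map<String, Object> values = new LinkedHashMap<>();
        Row(String entity, Access access, Set<String> identifierProps) {
            this.entity = entity; this.access = access; this.identifierProps = identifierProps;
        }
        // DERIVED access exposes only id and the identifier properties.
        boolean isReadable(String prop) {
            if (access == Access.FULL) return true;
            return access == Access.DERIVED && (prop.equals("id") || identifierProps.contains(prop));
        }
        Object get(String prop) {
            if (!isReadable(prop))
                throw new SecurityException("Entity " + entity + " is not directly readable, property "
                        + entity + "." + prop + " is neither id nor identifier");
            return values.get(prop);
        }
    }
    // Reads every property: throws for a DERIVED row, like the trace in the report.
    static Map<String, Object> convertAll(Row r) {
        Map<String, Object> out = new LinkedHashMap<>();
        for (String p : r.values.keySet()) out.put(p, r.get(p));
        return out;
    }
    // Asks isReadable first, so only permitted properties reach the JSON layer.
    static Map<String, Object> convertReadable(Row r) {
        Map<String, Object> out = new LinkedHashMap<>();
        for (String p : r.values.keySet()) if (r.isReadable(p)) out.put(p, r.get(p));
        return out;
    }
    public static void main(String[] args) {
        Row r = new Row("EVEBUCO_FUNCCLASS", Access.DERIVED, Set.of("searchKey", "name"));
        r.values.put("id", "constructed-id");          // constructed sample values
        r.values.put("searchKey", "FC01");
        r.values.put("name", "Sample class");
        r.values.put("description", "not an identifier property");
        System.out.println("filtered: " + convertReadable(r));
        try { convertAll(r); }
        catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
    }
}
```

Keeping the check inside `get` as well as in the converter means a serializer that forgets to filter fails closed with an exception instead of leaking the `description` value.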

Notes

(0031348)
hgbot (developer)
2010-09-24 13:39

Repository: erp/mods/org.openbravo.service.json
Changeset: d5bd1147245d29640df13ff94b621fa1d9ae0c1b
Author: Martin Taal <martin.taal <at> openbravo.com>
Date: Fri Sep 24 13:39:18 2010 +0200
URL: http://code.openbravo.com/erp/mods/org.openbravo.service.json/rev/d5bd1147245d29640df13ff94b621fa1d9ae0c1b

Fixes issue 14697: Entity EVEBUCO_FUNCCLASS is not directly readable

---
M src-test/org/openbravo/service/json/test/JsonConversionTest.java
M src/org/openbravo/service/json/DataToJsonConverter.java
---
(0033083)
hgbot (developer)
2010-12-09 13:34

Repository: erp/mods/org.openbravo.service.json
Changeset: b82e7b3ee9b6710a9fa5803b2b83feca65e2962e
Author: Iván Perdomo <ivan.perdomo <at> openbravo.com>
Date: Thu Dec 02 13:10:12 2010 +0100
URL: http://code.openbravo.com/erp/mods/org.openbravo.service.json/rev/b82e7b3ee9b6710a9fa5803b2b83feca65e2962e

Issue 14697: Backport of changeset d5bd1147245d

---
M src-test/org/openbravo/service/json/test/JsonConversionTest.java
M src/org/openbravo/service/json/DataToJsonConverter.java
---
(0033099)
shuehner (administrator)
2010-12-09 17:51

Tested on pi_pg/latest module versions (default branch). Defining a selector not having any selector fields (just the combobox shown in the UI) and using it with a role not having direct access to the underlying table now works fine (besides the newly found related issue). The added JUnit test for the issue also runs without errors.
Also tested the backport with rev: b82e7b3ee9b6 of the json module (branch core-2.50).

Issue History

Date Modified Username Field Change
2010-09-24 13:22 rafaroda New Issue
2010-09-24 13:22 rafaroda Assigned To => mtaal
2010-09-24 13:22 rafaroda File Added: SelectorDefinition.png
2010-09-24 13:22 rafaroda Issue Monitored: rafaroda
2010-09-24 13:22 rafaroda File Added: SelectorError.png
2010-09-24 13:39 hgbot Checkin
2010-09-24 13:39 hgbot Note Added: 0031348
2010-09-24 13:39 hgbot Status new => resolved
2010-09-24 13:39 hgbot Resolution open => fixed
2010-09-24 13:39 hgbot Fixed in SCM revision => http://code.openbravo.com/erp/mods/org.openbravo.service.json/rev/d5bd1147245d29640df13ff94b621fa1d9ae0c1b
2010-12-09 13:34 hgbot Checkin
2010-12-09 13:34 hgbot Note Added: 0033083
2010-12-09 15:52 shuehner Relationship added related to 0015387
2010-12-09 17:51 shuehner Note Added: 0033099
2010-12-09 17:51 shuehner Status resolved => closed
2010-12-16 22:16 anonymous sf_bug_id 0 => 3138783

