Project:
View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
ID | ||||||||
0014697 | ||||||||
Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
defect | [Openbravo ERP] Z. Others | major | always | 2010-09-24 13:22 | 2010-12-16 22:16 | |||
Reporter | rafaroda | View Status | public | |||||
Assigned To | mtaal | |||||||
Priority | high | Resolution | fixed | Fixed in Version | ||||
Status | closed | Fix in branch | Fixed in SCM revision | d5bd1147245d | ||||
Projection | none | ETA | none | Target Version | ||||
OS | Linux 32 bit | Database | PostgreSQL | Java version | 1.6.0_18 | |||
OS Version | Community Appliance | Database version | 8.3.9 | Ant version | 1.7.1 | |||
Product Version | 2.50 | SCM revision | ||||||
Review Assigned To | ||||||||
Web browser | ||||||||
Modules | JSON REST Webservice | |||||||
Regression level | ||||||||
Regression date | ||||||||
Regression introduced in release | ||||||||
Regression introduced by commit | ||||||||
Triggers an Emergency Pack | No | |||||||
Summary | 0014697: Entity EVEBUCO_FUNCCLASS is not directly readable | |||||||
Description | When accessing a selector defined as you can see in SelectorDefinition.png and try to select a value from it with an user which can not read EVEBUCO_FUNCCLASS class you get the following error. 12:50:45 [http-8585-4] ERROR org.openbravo.base.exception.OBSecurityException - Entity EVEBUCO_FUNCCLASS is not directly readable, only id and identifier properties are readable, property EVEBUCO_FUNCCLASS.description is neither of these. org.openbravo.base.exception.OBSecurityException: Entity EVEBUCO_FUNCCLASS is not directly readable, only id and identifier properties are readable, property EVEBUCO_FUNCCLASS.description is neither of these. at org.openbravo.base.structure.BaseOBObject.checkDerivedReadable(BaseOBObject.java:172) at org.openbravo.base.structure.BaseOBObject.get(BaseOBObject.java:140) at org.openbravo.service.json.DataToJsonConverter.toJsonObject(DataToJsonConverter.java:134) at org.openbravo.service.json.DataToJsonConverter.toJsonObjects(DataToJsonConverter.java:100) at org.openbravo.service.json.DefaultJsonDataService.fetch(DefaultJsonDataService.java:125) at org.openbravo.service.datasource.DefaultDataSourceService.fetch(DefaultDataSourceService.java:63) at org.openbravo.service.datasource.DataSourceServlet.doFetch(DataSourceServlet.java:144) at org.openbravo.service.datasource.DataSourceServlet.doPost(DataSourceServlet.java:154) at javax.servlet.http.HttpServlet.service(HttpServlet.java:637) at org.openbravo.base.HttpBaseServlet.serviceInitialized(HttpBaseServlet.java:225) at org.openbravo.base.secureApp.HttpSecureAppServlet.service(HttpSecureAppServlet.java:434) at org.openbravo.client.kernel.BaseKernelServlet.callServiceInSuper(BaseKernelServlet.java:91) at org.openbravo.client.kernel.BaseKernelServlet$1.process(BaseKernelServlet.java:65) at org.jboss.seam.servlet.ContextualHttpServletRequest.run(ContextualHttpServletRequest.java:53) at org.openbravo.client.kernel.BaseKernelServlet.service(BaseKernelServlet.java:67) at org.openbravo.service.datasource.DataSourceServlet.service(DataSourceServlet.java:75) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.openbravo.utils.SessionExpirationFilter.doFilter(SessionExpirationFilter.java:66) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.openbravo.utils.CharsetFilter.doFilter(CharsetFilter.java:35) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.openbravo.dal.core.DalRequestFilter$1.doAction(DalRequestFilter.java:81) at org.openbravo.dal.core.ThreadHandler.run(ThreadHandler.java:46) at org.openbravo.dal.core.DalRequestFilter.doFilter(DalRequestFilter.java:103) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:859) at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:579) at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1555) at java.lang.Thread.run(Thread.java:636) | |||||||
Steps To Reproduce | I'm using a selector with an user which does not have access to the window (which is built in top of EVEBUCO_FUNCCLASS table) related to the selector and get the error: Entity EVEBUCO_FUNCCLASS is not directly readable, only id and identifier properties are readable, property EVEBUCO_FUNCCLASS.description is neither of these (see SelectorError.png). In table EVEBUCO_FUNCCLASS table I only defined search key and name as identifiers. I defined the selector as you can see in SelectorDefinition.png. | |||||||
Tags | No tags attached. | |||||||
Attached Files | SelectorDefinition.png [^] (66,404 bytes) 2010-09-24 13:22
SelectorError.png [^] (89,038 bytes) 2010-09-24 13:22 | |||||||
Relationships [ Relation Graph ] [ Dependency Graph ] | ||||||||
|
Notes | |
(0031348) hgbot (developer) 2010-09-24 13:39 |
Repository: erp/mods/org.openbravo.service.json Changeset: d5bd1147245d29640df13ff94b621fa1d9ae0c1b Author: Martin Taal <martin.taal <at> openbravo.com> Date: Fri Sep 24 13:39:18 2010 +0200 URL: http://code.openbravo.com/erp/mods/org.openbravo.service.json/rev/d5bd1147245d29640df13ff94b621fa1d9ae0c1b [^] Fixes issue 14697: Entity EVEBUCO_FUNCCLASS is not directly readable --- M src-test/org/openbravo/service/json/test/JsonConversionTest.java M src/org/openbravo/service/json/DataToJsonConverter.java --- |
(0033083) hgbot (developer) 2010-12-09 13:34 |
Repository: erp/mods/org.openbravo.service.json Changeset: b82e7b3ee9b6710a9fa5803b2b83feca65e2962e Author: Iván Perdomo <ivan.perdomo <at> openbravo.com> Date: Thu Dec 02 13:10:12 2010 +0100 URL: http://code.openbravo.com/erp/mods/org.openbravo.service.json/rev/b82e7b3ee9b6710a9fa5803b2b83feca65e2962e [^] Issue 14697: Backport of changeset d5bd1147245d --- M src-test/org/openbravo/service/json/test/JsonConversionTest.java M src/org/openbravo/service/json/DataToJsonConverter.java --- |
(0033099) shuehner (administrator) 2010-12-09 17:51 |
Tested on pi_pg/latest module versions (default branch). Defining selector not having any selector fields (just combobox shown in UI) and using it with a role not having direct access to the underlying table now works fine (besides the newly found related issue). Added junit test for the issue also runs without errors. Also tested backport with rev: b82e7b3ee9b6 of json module (branch core-2.50). |
Issue History | |||
Date Modified | Username | Field | Change |
2010-09-24 13:22 | rafaroda | New Issue | |
2010-09-24 13:22 | rafaroda | Assigned To | => mtaal |
2010-09-24 13:22 | rafaroda | File Added: SelectorDefinition.png | |
2010-09-24 13:22 | rafaroda | Issue Monitored: rafaroda | |
2010-09-24 13:22 | rafaroda | File Added: SelectorError.png | |
2010-09-24 13:39 | hgbot | Checkin | |
2010-09-24 13:39 | hgbot | Note Added: 0031348 | |
2010-09-24 13:39 | hgbot | Status | new => resolved |
2010-09-24 13:39 | hgbot | Resolution | open => fixed |
2010-09-24 13:39 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/mods/org.openbravo.service.json/rev/d5bd1147245d29640df13ff94b621fa1d9ae0c1b [^] |
2010-12-09 13:34 | hgbot | Checkin | |
2010-12-09 13:34 | hgbot | Note Added: 0033083 | |
2010-12-09 15:52 | shuehner | Relationship added | related to 0015387 |
2010-12-09 17:51 | shuehner | Note Added: 0033099 | |
2010-12-09 17:51 | shuehner | Status | resolved => closed |
2010-12-16 22:16 | anonymous | sf_bug_id | 0 => 3138783 |
Copyright © 2000 - 2009 MantisBT Group |