Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0015387
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Openbravo ERP] A. Platformminorhave not tried2010-12-09 15:032011-05-24 10:56
ReportershuehnerView Statuspublic 
Assigned Togorkaion 
PrioritynormalResolutionfixedFixed in Version
StatusclosedFix in branchpiFixed in SCM revision53196cb59edb
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned To
Web browser
ModulesJSON Datasource
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0015387: DataToJsonConverter check (for access) selector fields which are defined but marked as isactive ='N'

DescriptionStart with scenario of issue 14697. Define a selector having no fields.
I.e. Selector based on m_product use that selector in i.e. Sales Order (lines)
Use(create) a role not having access to m_product table (i.e. no windows access to any window based on that table) and try to use the defined selector.

As only _identifier is used by the selector should work fine as those are derived readable.

Now add a defined selector field based on property path "uOM.id" but mark this field as isactive='N'.
Notice that you'll get an exception about access to that inactive field.
TagsclosingMay2011
Attached Filespng file icon 15387.png [^] (8,116 bytes) 2010-12-09 15:06

- Relationships Relation Graph ] Dependency Graph ]
related to defect 0014697 closedmtaal Entity EVEBUCO_FUNCCLASS is not directly readable 
related to defect 0015391 closedgorkaion Defined selector with three inActive selector fields -> renders popup in classic window with all possible fields being shown 
depends on backport 0016118 closedgorkaion DataToJsonConverter check (for access) selector fields which are defined but marked as isactive ='N' 

-  Notes
(0033085)
shuehner (administrator)
2010-12-09 15:04

 Stacktrace of exception:
186355 [http-8080-3] ERROR org.openbravo.base.exception.OBSecurityException - Entity Product is not directly readable, only id and identifier properties are readable, property Product.uOM is neither of these.
org.openbravo.base.exception.OBSecurityException: Entity Product is not directly readable, only id and identifier properties are readable, property Product.uOM is neither of these.
    at org.openbravo.base.structure.BaseOBObject.checkDerivedReadable(BaseOBObject.java:172)
    at org.openbravo.base.structure.BaseOBObject.get(BaseOBObject.java:140)
    at org.openbravo.service.json.DataToJsonConverter.getValueFromPath(DataToJsonConverter.java:197)
    at org.openbravo.service.json.DataToJsonConverter.toJsonObject(DataToJsonConverter.java:154)
    at org.openbravo.service.json.DataToJsonConverter.toJsonObjects(DataToJsonConverter.java:101)
    at org.openbravo.service.json.DefaultJsonDataService.fetch(DefaultJsonDataService.java:125)
    at org.openbravo.service.datasource.DefaultDataSourceService.fetch(DefaultDataSourceService.java:63)
    at org.openbravo.service.datasource.DataSourceServlet.doFetch(DataSourceServlet.java:144)
    at org.openbravo.service.datasource.DataSourceServlet.doPost(DataSourceServlet.java:154)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
    at org.openbravo.base.HttpBaseServlet.serviceInitialized(HttpBaseServlet.java:225)
    at org.openbravo.base.secureApp.HttpSecureAppServlet.service(HttpSecureAppServlet.java:470)
    at org.openbravo.client.kernel.BaseKernelServlet.callServiceInSuper(BaseKernelServlet.java:91)
    at org.openbravo.client.kernel.BaseKernelServlet$1.process(BaseKernelServlet.java:65)
    at org.jboss.seam.servlet.ContextualHttpServletRequest.run(ContextualHttpServletRequest.java:53)
    at org.openbravo.client.kernel.BaseKernelServlet.service(BaseKernelServlet.java:62)
    at org.openbravo.service.datasource.DataSourceServlet.service(DataSourceServlet.java:75)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
(0033086)
shuehner (administrator)
2010-12-09 15:06

 Note: noticed with revision b82e7b3ee9b6 of the service.json module which is tag 1.0.9 + changeset from 14697 (in named branch core-2.50)
(0033093)
shuehner (administrator)
2010-12-09 16:46

 Note: obx files attached to issue 15391 can be also used as a definition for this usecase.
(0034530)
hgbot (developer)
2011-03-03 12:30

 Repository: erp/devel/pi
Changeset: 53196cb59edb975b4ecfd42bfe519d1d400ca2c2
Author: Gorka Ion Damián <gorkaion.damian <at> openbravo.com>
Date: Thu Mar 03 12:27:32 2011 +0100
URL: http://code.openbravo.com/erp/devel/pi/rev/53196cb59edb975b4ecfd42bfe519d1d400ca2c2 [^]

Fixed issue 15391. Fixed issue 15387. Get only active fields from selector.

---
M modules/org.openbravo.userinterface.selector/src/org/openbravo/userinterface/selector/CustomQuerySelectorDatasource.java
M modules/org.openbravo.userinterface.selector/src/org/openbravo/userinterface/selector/SelectorComponent.java
---

- Issue History
Date Modified Username Field Change
2010-12-09 15:03 shuehner New Issue
2010-12-09 15:03 shuehner Assigned To => alostale
2010-12-09 15:03 shuehner Modules => JSON Datasource
2010-12-09 15:04 shuehner Assigned To alostale => mtaal
2010-12-09 15:04 shuehner Note Added: 0033085
2010-12-09 15:06 shuehner File Added: 15387.png
2010-12-09 15:06 shuehner Note Added: 0033086
2010-12-09 15:52 shuehner Relationship added related to 0014697
2010-12-09 16:46 shuehner Relationship added related to 0015391
2010-12-09 16:46 shuehner Note Added: 0033093
2010-12-13 09:03 alostale Status new => scheduled
2011-02-28 15:38 mtaal Assigned To mtaal => gorkaion
2011-03-03 12:20 gorkaion Status scheduled => acknowledged
2011-03-03 12:20 gorkaion Status acknowledged => scheduled
2011-03-03 12:20 gorkaion fix_in_branch => pi
2011-03-03 12:30 hgbot Checkin
2011-03-03 12:30 hgbot Note Added: 0034530
2011-03-03 12:30 hgbot Status scheduled => resolved
2011-03-03 12:30 hgbot Resolution open => fixed
2011-03-03 12:30 hgbot Fixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/53196cb59edb975b4ecfd42bfe519d1d400ca2c2 [^]
2011-05-24 10:11 dalsasua Tag Attached: closingMay2011
2011-05-24 10:56 dalsasua Status resolved => closed

Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker