Project:
View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
ID | ||||||||
0018104 | ||||||||
Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
defect | [Openbravo ERP] A. Platform | major | have not tried | 2011-07-27 18:27 | 2011-08-06 05:33 | |||
Reporter | marvintm | View Status | public | |||||
Assigned To | marvintm | |||||||
Priority | normal | Resolution | fixed | Fixed in Version | ||||
Status | closed | Fix in branch | Fixed in SCM revision | 42e0ebfeecb7 | ||||
Projection | none | ETA | none | Target Version | 3.0MP2 | |||
OS | Any | Database | Any | Java version | ||||
OS Version | Database version | Ant version | ||||||
Product Version | SCM revision | |||||||
Review Assigned To | ||||||||
Web browser | ||||||||
Modules | Core | |||||||
Regression level | ||||||||
Regression date | ||||||||
Regression introduced in release | ||||||||
Regression introduced by commit | ||||||||
Triggers an Emergency Pack | No | |||||||
Summary | 0018104: export csv doesn't work if current role doesn't have access to ad_tab | |||||||
Description | The export csv functionality fails if the current role doesn't have access to ad_tab. An error is raised: ERROR org.openbravo.base.exception.OBSecurityException - Entity ADTab is not readable by the user 1000037 org.openbravo.base.exception.OBSecurityException: Entity ADTab is not readable by the user 1000037 at org.openbravo.dal.security.EntityAccessChecker.checkReadable(EntityAccessChecker.java:347) at org.openbravo.dal.service.OBDal.checkReadAccess(OBDal.java:533) at org.openbravo.dal.service.OBDal.checkReadAccess(OBDal.java:520) at org.openbravo.dal.service.OBDal.get(OBDal.java:256) at org.openbravo.service.datasource.DataSourceServlet.doFetch(DataSourceServlet.java:199) at org.openbravo.service.datasource.DataSourceServlet.doPost(DataSourceServlet.java:543) at javax.servlet.http.HttpServlet.service(HttpServlet.java:637) at org.openbravo.base.HttpBaseServlet.serviceInitialized(HttpBaseServlet.java:225) at org.openbravo.base.secureApp.HttpSecureAppServlet.service(HttpSecureAppServlet.java:454) at org.openbravo.client.kernel.BaseKernelServlet.callServiceInSuper(BaseKernelServlet.java:89) at org.openbravo.client.kernel.BaseKernelServlet.service(BaseKernelServlet.java:65) at org.openbravo.service.datasource.DataSourceServlet.service(DataSourceServlet.java:117) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) | |||||||
Steps To Reproduce | - Export to CSV in a role without access to ad_tab. | |||||||
Tags | No tags attached. | |||||||
Attached Files | ||||||||
Relationships [ Relation Graph ] [ Dependency Graph ] | |
Notes | |
(0039457) hgbot (developer) 2011-07-27 18:34 |
Repository: erp/devel/pi Changeset: 42e0ebfeecb705873fd8a6bf9165584b6e4210c0 Author: Antonio Moreno <antonio.moreno <at> openbravo.com> Date: Wed Jul 27 18:28:44 2011 +0200 URL: http://code.openbravo.com/erp/devel/pi/rev/42e0ebfeecb705873fd8a6bf9165584b6e4210c0 [^] Fixed issue 18104. Export to CSV will work without access to ad_tab --- M modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DataSourceServlet.java --- |
(0039711) hudsonbot (developer) 2011-08-01 14:22 |
A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/cf2afed6e8ef [^] Maturity status: Test |
(0039871) hgbot (developer) 2011-08-04 17:02 |
Repository: erp/devel/pi Changeset: c2e05adb9aca0cc210464c41dad41a5e47d71229 Author: Antonio Moreno <antonio.moreno <at> openbravo.com> Date: Thu Aug 04 17:00:26 2011 +0200 URL: http://code.openbravo.com/erp/devel/pi/rev/c2e05adb9aca0cc210464c41dad41a5e47d71229 [^] Related to issue 18104. Restricted usage of adminmode to what is needed to improve security --- M modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DataSourceServlet.java --- |
(0039872) shuehner (administrator) 2011-08-04 17:37 |
Reviewed&tested on pi/pgsql (rev id:70ff55cea872). doing export to csv in generated window + querylistwidget works fine with restricted role. |
(0039967) hudsonbot (developer) 2011-08-06 05:33 |
A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/5744448753e7 [^] Maturity status: Test |
Issue History | |||
Date Modified | Username | Field | Change |
2011-07-27 18:27 | marvintm | New Issue | |
2011-07-27 18:28 | marvintm | Assigned To | => marvintm |
2011-07-27 18:28 | marvintm | Modules | => Core |
2011-07-27 18:34 | hgbot | Checkin | |
2011-07-27 18:34 | hgbot | Note Added: 0039457 | |
2011-07-27 18:34 | hgbot | Status | new => resolved |
2011-07-27 18:34 | hgbot | Resolution | open => fixed |
2011-07-27 18:34 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/42e0ebfeecb705873fd8a6bf9165584b6e4210c0 [^] |
2011-08-01 14:22 | hudsonbot | Checkin | |
2011-08-01 14:22 | hudsonbot | Note Added: 0039711 | |
2011-08-04 17:02 | hgbot | Checkin | |
2011-08-04 17:02 | hgbot | Note Added: 0039871 | |
2011-08-04 17:37 | shuehner | Note Added: 0039872 | |
2011-08-04 17:37 | shuehner | Status | resolved => closed |
2011-08-06 05:33 | hudsonbot | Checkin | |
2011-08-06 05:33 | hudsonbot | Note Added: 0039967 |
Copyright © 2000 - 2009 MantisBT Group |