Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0018104
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Openbravo ERP] A. Platformmajorhave not tried2011-07-27 18:272011-08-06 05:33
ReportermarvintmView Statuspublic 
Assigned Tomarvintm 
PrioritynormalResolutionfixedFixed in Version
StatusclosedFix in branchFixed in SCM revision42e0ebfeecb7
ProjectionnoneETAnoneTarget Version3.0MP2
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned To
Web browser
ModulesCore
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0018104: export csv doesn't work if current role doesn't have access to ad_tab

DescriptionThe export csv functionality fails if the current role doesn't have access to ad_tab. An error is raised:

 ERROR org.openbravo.base.exception.OBSecurityException - Entity ADTab is not readable by the user 1000037
org.openbravo.base.exception.OBSecurityException: Entity ADTab is not readable by the user 1000037
        at org.openbravo.dal.security.EntityAccessChecker.checkReadable(EntityAccessChecker.java:347)
        at org.openbravo.dal.service.OBDal.checkReadAccess(OBDal.java:533)
        at org.openbravo.dal.service.OBDal.checkReadAccess(OBDal.java:520)
        at org.openbravo.dal.service.OBDal.get(OBDal.java:256)
        at org.openbravo.service.datasource.DataSourceServlet.doFetch(DataSourceServlet.java:199)
        at org.openbravo.service.datasource.DataSourceServlet.doPost(DataSourceServlet.java:543)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
        at org.openbravo.base.HttpBaseServlet.serviceInitialized(HttpBaseServlet.java:225)
        at org.openbravo.base.secureApp.HttpSecureAppServlet.service(HttpSecureAppServlet.java:454)
        at org.openbravo.client.kernel.BaseKernelServlet.callServiceInSuper(BaseKernelServlet.java:89)
        at org.openbravo.client.kernel.BaseKernelServlet.service(BaseKernelServlet.java:65)
        at org.openbravo.service.datasource.DataSourceServlet.service(DataSourceServlet.java:117)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
Steps To Reproduce- Export to CSV in a role without access to ad_tab.
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]

-  Notes
(0039457)
hgbot (developer)
2011-07-27 18:34

 Repository: erp/devel/pi
Changeset: 42e0ebfeecb705873fd8a6bf9165584b6e4210c0
Author: Antonio Moreno <antonio.moreno <at> openbravo.com>
Date: Wed Jul 27 18:28:44 2011 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/42e0ebfeecb705873fd8a6bf9165584b6e4210c0 [^]

Fixed issue 18104. Export to CSV will work without access to ad_tab

---
M modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DataSourceServlet.java
---
(0039711)
hudsonbot (developer)
2011-08-01 14:22

 A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/cf2afed6e8ef [^]

Maturity status: Test
(0039871)
hgbot (developer)
2011-08-04 17:02

 Repository: erp/devel/pi
Changeset: c2e05adb9aca0cc210464c41dad41a5e47d71229
Author: Antonio Moreno <antonio.moreno <at> openbravo.com>
Date: Thu Aug 04 17:00:26 2011 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/c2e05adb9aca0cc210464c41dad41a5e47d71229 [^]

Related to issue 18104. Restricted usage of adminmode to what is needed to improve security

---
M modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DataSourceServlet.java
---
(0039872)
shuehner (administrator)
2011-08-04 17:37

 Reviewed&tested on pi/pgsql (rev id:70ff55cea872). doing export to csv in generated window + querylistwidget works fine with restricted role.
(0039967)
hudsonbot (developer)
2011-08-06 05:33

 A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/5744448753e7 [^]

Maturity status: Test

- Issue History
Date Modified Username Field Change
2011-07-27 18:27 marvintm New Issue
2011-07-27 18:28 marvintm Assigned To => marvintm
2011-07-27 18:28 marvintm Modules => Core
2011-07-27 18:34 hgbot Checkin
2011-07-27 18:34 hgbot Note Added: 0039457
2011-07-27 18:34 hgbot Status new => resolved
2011-07-27 18:34 hgbot Resolution open => fixed
2011-07-27 18:34 hgbot Fixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/42e0ebfeecb705873fd8a6bf9165584b6e4210c0 [^]
2011-08-01 14:22 hudsonbot Checkin
2011-08-01 14:22 hudsonbot Note Added: 0039711
2011-08-04 17:02 hgbot Checkin
2011-08-04 17:02 hgbot Note Added: 0039871
2011-08-04 17:37 shuehner Note Added: 0039872
2011-08-04 17:37 shuehner Status resolved => closed
2011-08-06 05:33 hudsonbot Checkin
2011-08-06 05:33 hudsonbot Note Added: 0039967

Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker