Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0021422 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| defect | [Openbravo ERP] C. Security | minor | always | 2012-08-22 21:53 | 2012-09-28 14:39 | |||
| Reporter | pjuvara | View Status | public | |||||
| Assigned To | AugustoMauch | |||||||
| Priority | normal | Resolution | fixed | Fixed in Version | 3.0MP16 | |||
| Status | closed | Fix in branch | Fixed in SCM revision | a8b284469c67 | ||||
| Projection | none | ETA | none | Target Version | ||||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | 3.0MP12.1 | SCM revision | ||||||
| Review Assigned To | dbaz | |||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0021422: Client admin users can see entries that have been removed from the menu | |||||||
| Description | If you personalize the menu by removing windows, you expect that users have no access to them anymore. However, client admins (or users of a role with manual set to No), can see all active windows through the Quick Create and Quick Launch menu, regardless of whether they have been removed from the menu or not. | |||||||
| Steps To Reproduce | In standard installation: 1) Login as system administrator 2) Modify the Menu to remove for example, the Manufacturing sub menu 3) Logout 4) Login as client admin (F&B International Group Admin) 5) Review the menu and make sure that Manufacturing is not there 6) From Quick Launch, invoke "Machine" (one of the entries in Manufacturing) The window opens. | |||||||
| Proposed Solution | Windows that do not appear on the menu should be considered disabled. | |||||||
| Tags | No tags attached. | |||||||
| Attached Files |  MenuEntryRemoval.png [^] (260,383 bytes) 2012-09-03 09:36
| |||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
|
 Relationships |
|
Notes |
|
|
(0051756) AugustoMauch (manager) 2012-09-03 09:45 |
This happens because when a summary level menu entry is deleted its child menu entries are not deleted on cascade. I have deleted the Security summary level menu entry, that has the following sub entries: User, Role, Role Access, Session, Audit Trail and Goodgle Account Association. After deleting Security, all its sub entries are placed under the root menu entry (see attached image MenuEntryRemoval.png), and remain accessible. I think this would have been solved by deleting automatically all the subentries on cascade. Do you want us to do that? Regards, Augusto |
|
(0051778) pjuvara (reporter) 2012-09-03 15:13 |
I apologize: my initial description was not clear enough. I revised what I did and here it is. The objective was to hide Production Management from my customer's menu. I therefore marked with Active = N the summary menu entry Production Management. All the entries under that menu have disappeared from the menu, even if they were themselves active. With that I had assumed that disabling the summary menu entry was enough to disable the whole tree of entries underneath it. I later discovered that those entries are still visible in the Quick Open and Quick Create menu. There is therefore a different semantic interpretation of the active flag in the two tools: 1) Navigation menu: show all entries that are active and have where all the ancestors are active 2) Quick Create/Open: show all entries that are active. We should align the semantic. |
|
(0051779) pjuvara (reporter) 2012-09-03 15:14 |
Once explained in these term (see previous note), the severity of the issue is lower. I am also not sure whether this is a defect or a design defect. |
|
(0051781) pjuvara (reporter) 2012-09-03 15:16 |
In any case, the solution would be to modify the Quick Create/Open so that it shows only entries that are active and were all ancestors are active. |
|
(0051921) hgbot (developer) 2012-09-07 11:41 |
Repository: erp/devel/pi Changeset: a8b284469c67c2c23581495f1226f2415e4a1ca4 Author: Augusto Mauch <augusto.mauch <at> openbravo.com> Date: Fri Sep 07 11:40:09 2012 +0200 URL: http://code.openbravo.com/erp/devel/pi/rev/a8b284469c67c2c23581495f1226f2415e4a1ca4 [^] Fixes issue 21422: Only menu-accessible will be shown in Quick create / Open In order for a window to be accessible through the Quick create / Open controls, it has to be accessible using the menu. The means that all its menu ancestors has to be active. --- M modules/org.openbravo.client.application/src/org/openbravo/client/application/MenuManager.java --- |
|
(0052617) AugustoMauch (manager) 2012-09-26 11:52 |
Reopened to update Closed by field |
|
(0052707) hudsonbot (developer) 2012-09-26 17:18 |
A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/b780e90c6452 [^] Maturity status: Test |
|
(0052800) hgbot (developer) 2012-09-26 17:28 |
Repository: erp/devel/pi Changeset: 8a0aed9bd90d9cac29addda0dd1791e59b1f755e Author: Augusto Mauch <augusto.mauch <at> openbravo.com> Date: Wed Sep 26 17:26:55 2012 +0200 URL: http://code.openbravo.com/erp/devel/pi/rev/8a0aed9bd90d9cac29addda0dd1791e59b1f755e [^] Related to issue 21422: Code refactored so isAccessible is a MenuOption method --- M modules/org.openbravo.client.application/src/org/openbravo/client/application/MenuManager.java --- |
|
(0052804) dbaz (developer) 2012-09-26 17:45 |
Reviewed @ changeset: 18052 - 8a0aed9bd90d |
|
(0052912) hudsonbot (developer) 2012-09-28 14:39 |
A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/6d2f8cffd4b1 [^] Maturity status: Test |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2012-08-22 21:53 | pjuvara | New Issue | |
| 2012-08-22 21:53 | pjuvara | Assigned To | => alostale |
| 2012-08-22 21:53 | pjuvara | Modules | => Core |
| 2012-09-03 09:35 | AugustoMauch | Assigned To | alostale => AugustoMauch |
| 2012-09-03 09:36 | AugustoMauch | File Added: MenuEntryRemoval.png | |
| 2012-09-03 09:45 | AugustoMauch | Note Added: 0051756 | |
| 2012-09-03 09:45 | AugustoMauch | Status | new => feedback |
| 2012-09-03 15:13 | pjuvara | Note Added: 0051778 | |
| 2012-09-03 15:13 | pjuvara | Status | feedback => new |
| 2012-09-03 15:14 | pjuvara | Note Added: 0051779 | |
| 2012-09-03 15:14 | pjuvara | Severity | major => minor |
| 2012-09-03 15:16 | pjuvara | Note Added: 0051781 | |
| 2012-09-07 11:38 | AugustoMauch | Closed by | => alostale |
| 2012-09-07 11:41 | hgbot | Checkin | |
| 2012-09-07 11:41 | hgbot | Note Added: 0051921 | |
| 2012-09-07 11:41 | hgbot | Status | new => resolved |
| 2012-09-07 11:41 | hgbot | Resolution | open => fixed |
| 2012-09-07 11:41 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/a8b284469c67c2c23581495f1226f2415e4a1ca4 [^] |
| 2012-09-26 11:52 | AugustoMauch | Note Added: 0052617 | |
| 2012-09-26 11:52 | AugustoMauch | Status | resolved => new |
| 2012-09-26 11:52 | AugustoMauch | Resolution | fixed => open |
| 2012-09-26 11:53 | AugustoMauch | Closed by | alostale => dbaz |
| 2012-09-26 11:53 | AugustoMauch | Status | new => scheduled |
| 2012-09-26 11:54 | AugustoMauch | Status | scheduled => resolved |
| 2012-09-26 11:54 | AugustoMauch | Resolution | open => fixed |
| 2012-09-26 17:18 | hudsonbot | Checkin | |
| 2012-09-26 17:18 | hudsonbot | Note Added: 0052707 | |
| 2012-09-26 17:28 | hgbot | Checkin | |
| 2012-09-26 17:28 | hgbot | Note Added: 0052800 | |
| 2012-09-26 17:45 | dbaz | Note Added: 0052804 | |
| 2012-09-26 17:45 | dbaz | Status | resolved => closed |
| 2012-09-26 17:45 | dbaz | Fixed in Version | => 3.0MP16 |
| 2012-09-28 14:39 | hudsonbot | Checkin | |
| 2012-09-28 14:39 | hudsonbot | Note Added: 0052912 | |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |