Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0021422
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Openbravo ERP] C. Securityminoralways2012-08-22 21:532012-09-28 14:39
ReporterpjuvaraView Statuspublic 
Assigned ToAugustoMauch 
PrioritynormalResolutionfixedFixed in Version3.0MP16
StatusclosedFix in branchFixed in SCM revisiona8b284469c67
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product Version3.0MP12.1SCM revision 
Merge Request Status
Review Assigned Todbaz
OBNetwork customerNo
Web browser
ModulesCore
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0021422: Client admin users can see entries that have been removed from the menu

DescriptionIf you personalize the menu by removing windows, you expect that users have no access to them anymore.
However, client admins (or users of a role with manual set to No), can see all active windows through the Quick Create and Quick Launch menu, regardless of whether they have been removed from the menu or not.
Steps To ReproduceIn standard installation:
1) Login as system administrator
2) Modify the Menu to remove for example, the Manufacturing sub menu
3) Logout
4) Login as client admin (F&B International Group Admin)
5) Review the menu and make sure that Manufacturing is not there
6) From Quick Launch, invoke "Machine" (one of the entries in Manufacturing)

The window opens.
Proposed SolutionWindows that do not appear on the menu should be considered disabled.
TagsNo tags attached.
Attached Filespng file icon MenuEntryRemoval.png [^] (260,383 bytes) 2012-09-03 09:36

- Relationships Relation Graph ] Dependency Graph ]

-  Notes
(0051756)
AugustoMauch (administrator)
2012-09-03 09:45

 This happens because when a summary level menu entry is deleted its child menu entries are not deleted on cascade.

I have deleted the Security summary level menu entry, that has the following sub entries: User, Role, Role Access, Session, Audit Trail and Goodgle Account Association. After deleting Security, all its sub entries are placed under the root menu entry (see attached image MenuEntryRemoval.png), and remain accessible.

I think this would have been solved by deleting automatically all the subentries on cascade. Do you want us to do that?

Regards,

Augusto
(0051778)
pjuvara (viewer)
2012-09-03 15:13

 I apologize: my initial description was not clear enough.

I revised what I did and here it is. The objective was to hide Production Management from my customer's menu.
I therefore marked with Active = N the summary menu entry Production Management.

All the entries under that menu have disappeared from the menu, even if they were themselves active.

With that I had assumed that disabling the summary menu entry was enough to disable the whole tree of entries underneath it.

I later discovered that those entries are still visible in the Quick Open and Quick Create menu.

There is therefore a different semantic interpretation of the active flag in the two tools:

1) Navigation menu: show all entries that are active and have where all the ancestors are active

2) Quick Create/Open: show all entries that are active.

We should align the semantic.
(0051779)
pjuvara (viewer)
2012-09-03 15:14

 Once explained in these term (see previous note), the severity of the issue is lower.

I am also not sure whether this is a defect or a design defect.
(0051781)
pjuvara (viewer)
2012-09-03 15:16

 In any case, the solution would be to modify the Quick Create/Open so that it shows only entries that are active and were all ancestors are active.
(0051921)
hgbot (developer)
2012-09-07 11:41

 Repository: erp/devel/pi
Changeset: a8b284469c67c2c23581495f1226f2415e4a1ca4
Author: Augusto Mauch <augusto.mauch <at> openbravo.com>
Date: Fri Sep 07 11:40:09 2012 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/a8b284469c67c2c23581495f1226f2415e4a1ca4 [^]

Fixes issue 21422: Only menu-accessible will be shown in Quick create / Open

In order for a window to be accessible through the Quick create / Open controls, it has to be accessible using the menu. The means that all its menu ancestors has to be active.

---
M modules/org.openbravo.client.application/src/org/openbravo/client/application/MenuManager.java
---
(0052617)
AugustoMauch (administrator)
2012-09-26 11:52

 Reopened to update Closed by field
(0052707)
hudsonbot (viewer)
2012-09-26 17:18

 A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/b780e90c6452 [^]

Maturity status: Test
(0052800)
hgbot (developer)
2012-09-26 17:28

 Repository: erp/devel/pi
Changeset: 8a0aed9bd90d9cac29addda0dd1791e59b1f755e
Author: Augusto Mauch <augusto.mauch <at> openbravo.com>
Date: Wed Sep 26 17:26:55 2012 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/8a0aed9bd90d9cac29addda0dd1791e59b1f755e [^]

Related to issue 21422: Code refactored so isAccessible is a MenuOption method

---
M modules/org.openbravo.client.application/src/org/openbravo/client/application/MenuManager.java
---
(0052804)
dbaz (viewer)
2012-09-26 17:45

 Reviewed @ changeset: 18052 - 8a0aed9bd90d
(0052912)
hudsonbot (viewer)
2012-09-28 14:39

 A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/6d2f8cffd4b1 [^]

Maturity status: Test

- Issue History
Date Modified Username Field Change
2012-08-22 21:53 pjuvara New Issue
2012-08-22 21:53 pjuvara Assigned To => alostale
2012-08-22 21:53 pjuvara Modules => Core
2012-08-22 21:53 pjuvara OBNetwork customer => No
2012-09-03 09:35 AugustoMauch Assigned To alostale => AugustoMauch
2012-09-03 09:36 AugustoMauch File Added: MenuEntryRemoval.png
2012-09-03 09:45 AugustoMauch Note Added: 0051756
2012-09-03 09:45 AugustoMauch Status new => feedback
2012-09-03 15:13 pjuvara Note Added: 0051778
2012-09-03 15:13 pjuvara Status feedback => new
2012-09-03 15:14 pjuvara Note Added: 0051779
2012-09-03 15:14 pjuvara Severity major => minor
2012-09-03 15:16 pjuvara Note Added: 0051781
2012-09-07 11:38 AugustoMauch Closed by => alostale
2012-09-07 11:41 hgbot Checkin
2012-09-07 11:41 hgbot Note Added: 0051921
2012-09-07 11:41 hgbot Status new => resolved
2012-09-07 11:41 hgbot Resolution open => fixed
2012-09-07 11:41 hgbot Fixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/a8b284469c67c2c23581495f1226f2415e4a1ca4 [^]
2012-09-26 11:52 AugustoMauch Note Added: 0052617
2012-09-26 11:52 AugustoMauch Status resolved => new
2012-09-26 11:52 AugustoMauch Resolution fixed => open
2012-09-26 11:53 AugustoMauch Closed by alostale => dbaz
2012-09-26 11:53 AugustoMauch Status new => scheduled
2012-09-26 11:54 AugustoMauch Status scheduled => resolved
2012-09-26 11:54 AugustoMauch Resolution open => fixed
2012-09-26 17:18 hudsonbot Checkin
2012-09-26 17:18 hudsonbot Note Added: 0052707
2012-09-26 17:28 hgbot Checkin
2012-09-26 17:28 hgbot Note Added: 0052800
2012-09-26 17:45 dbaz Note Added: 0052804
2012-09-26 17:45 dbaz Status resolved => closed
2012-09-26 17:45 dbaz Fixed in Version => 3.0MP16
2012-09-28 14:39 hudsonbot Checkin
2012-09-28 14:39 hudsonbot Note Added: 0052912

Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker