Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0028842 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| defect | [Openbravo ERP] A. Platform | major | always | 2015-02-03 12:41 | 2016-06-17 19:36 | |||
| Reporter | jecharri | View Status | public | |||||
| Assigned To | NaroaIriarte | |||||||
| Priority | urgent | Resolution | fixed | Fixed in Version | 3.0PR15Q2 | |||
| Status | closed | Fix in branch | Fixed in SCM revision | 98cf7142eebe | ||||
| Projection | none | ETA | none | Target Version | ||||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | SCM revision | |||||||
| Review Assigned To | AugustoMauch | |||||||
| Web browser | Google Chrome | |||||||
| Modules | Core | |||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0028842: When you attach a file, the created record in table c_file has context organization instead of document organization | |||||||
| Description | When you attach a file, the created record in table c_file has context organization instead of document organization | |||||||
| Steps To Reproduce | -Login to ERP -Your context should have "EspaƱa Norte" organization -Go to window sales order and select an org with organization "F&B US East Coast" -Attach a file -Login with a role that only have access to "F&B US East Coast" verify that can not see attached file The problem is that created record in table c_file has the context organization instead of document organization. It could be necessary a modulescript | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
|||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
 Relationships |
|
Notes |
|
|
(0074063) Guillaume_Jump (reporter) 2015-02-04 03:54 |
Good Morning, Doing more tests on that we found that the same problem also applies to Notes. |
|
(0075150) hgbot (developer) 2015-03-04 12:18 |
Repository: erp/devel/pi Changeset: afec99f5af4390c1360af46f504bd7399f709f32 Author: Naroa Iriarte <naroa.iriarte <at> openbravo.com> Date: Thu Feb 26 13:45:06 2015 +0100 URL: http://code.openbravo.com/erp/devel/pi/rev/afec99f5af4390c1360af46f504bd7399f709f32 [^] Fixed issue 28842: There are problems to handle attachments. There were two problems: First: When storing an attachment in the database (c_file table), the current organization of the user was used instead of the organization of the document where the file is being attached to. The aim of this fix is to take the value of the organization of the attached document instead of the current user organization. Second: When an attachment was created with an organization and after that, the organization of the document was changed, it was not possible to download it, update it nor delete it with a user who does not have access to the organization used to create the attachment. To fix the first part, a new field that stores the document organization has been added to the canvas of the OBAttachmentsSectionItem class in the fillAttachments function. After that the field is sent as a param in the request, and can be used in the TabAttachments.java class to be included to create the new record in c_file. To fix the second part, the way the attachments are retrieved in the TabAttachments and in the AttachmentsAH classes has been modified. Now the automated organization filter is disabled, so the organization of the attachment is not taken into accout. It is needed that the user has at least readable access to the document's organization for downloading, deleting or editing its attachments a new method has been added to the SecurityChecker class for checking this. --- M modules/org.openbravo.client.application/src/org/openbravo/client/application/window/AttachmentsAH.java M modules/org.openbravo.client.application/web/org.openbravo.client.application/js/form/ob-view-form-attachments.js M modules/org.openbravo.client.application/web/org.openbravo.client.application/js/form/ob-view-form-linked-items.js M modules/org.openbravo.client.application/web/org.openbravo.client.application/js/form/ob-view-form.js M src/org/openbravo/dal/security/SecurityChecker.java M src/org/openbravo/erpCommon/businessUtility/TabAttachments.java --- |
|
(0075151) AugustoMauch (manager) 2015-03-04 12:19 |
Code reviewed and verified in pi@afec99f5af43 |
|
(0075152) AugustoMauch (manager) 2015-03-04 12:27 |
A module script was not needed, as now the organization of the attachment (which was the data that would have been needed to be corrected in the modulescript) is not taken into accout to interact (download, edit, remove) with an attachment. Now, if a user has access to the document where the files are attached to, it will have access to all its attachments. |
|
(0075159) hgbot (developer) 2015-03-04 15:02 |
Repository: erp/devel/pi Changeset: cc464383f9e11fa224a55341a45914c46433c04f Author: Augusto Mauch <augusto.mauch <at> openbravo.com> Date: Wed Mar 04 15:01:42 2015 +0100 URL: http://code.openbravo.com/erp/devel/pi/rev/cc464383f9e11fa224a55341a45914c46433c04f [^] Related with issue 28842: Improves javadoc of checkReadableAccess method --- M src/org/openbravo/dal/security/SecurityChecker.java --- |
|
(0075206) hudsonbot (developer) 2015-03-05 17:01 |
A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/2369c54c9f14 [^] Maturity status: Test |
|
(0075207) hudsonbot (developer) 2015-03-05 17:01 |
A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/2369c54c9f14 [^] Maturity status: Test |
|
(0085698) hgbot (developer) 2016-04-18 13:02 |
Repository: erp/devel/pi Changeset: 98cf7142eebe2d555da6108bb5f51f68cc325afb Author: Naroa Iriarte <naroa.iriarte <at> openbravo.com> Date: Thu Feb 26 13:45:06 2015 +0100 URL: http://code.openbravo.com/erp/devel/pi/rev/98cf7142eebe2d555da6108bb5f51f68cc325afb [^] Fixed issue 28842: There are problems to handle attachments. There were two problems: First: When storing an attachment in the database (c_file table), the current organization of the user was used instead of the organization of the document where the file is being attached to. The aim of this fix is to take the value of the organization of the attached document instead of the current user organization. Second: When an attachment was created with an organization and after that, the organization of the document was changed, it was not possible to download it, update it nor delete it with a user who does not have access to the organization used to create the attachment. To fix the first part, a new field that stores the document organization has been added to the canvas of the OBAttachmentsSectionItem class in the fillAttachments function. After that the field is sent as a param in the request, and can be used in the TabAttachments.java class to be included to create the new record in c_file. To fix the second part, the way the attachments are retrieved in the TabAttachments and in the AttachmentsAH classes has been modified. Now the automated organization filter is disabled, so the organization of the attachment is not taken into accout. It is needed that the user has at least readable access to the document's organization for downloading, deleting or editing its attachments a new method has been added to the SecurityChecker class for checking this. --- M modules/org.openbravo.client.application/src/org/openbravo/client/application/window/AttachmentsAH.java M modules/org.openbravo.client.application/web/org.openbravo.client.application/js/form/ob-view-form-attachments.js M modules/org.openbravo.client.application/web/org.openbravo.client.application/js/form/ob-view-form-linked-items.js M modules/org.openbravo.client.application/web/org.openbravo.client.application/js/form/ob-view-form.js M src/org/openbravo/dal/security/SecurityChecker.java M src/org/openbravo/erpCommon/businessUtility/TabAttachments.java --- |
|
(0085699) hgbot (developer) 2016-04-18 13:02 |
Repository: erp/devel/pi Changeset: b036e3dfa2a5e8924a164e9b237a3582450a2a75 Author: Augusto Mauch <augusto.mauch <at> openbravo.com> Date: Wed Mar 04 15:01:42 2015 +0100 URL: http://code.openbravo.com/erp/devel/pi/rev/b036e3dfa2a5e8924a164e9b237a3582450a2a75 [^] Related with issue 28842: Improves javadoc of checkReadableAccess method --- M src/org/openbravo/dal/security/SecurityChecker.java --- |
|
(0085734) gorkaion (developer) 2016-04-19 09:54 |
issue reopened by attachment enhancement project merge. checked that it is not reproduced. |
|
(0087457) hudsonbot (developer) 2016-06-17 19:36 |
A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/0dc7be081b1c [^] Maturity status: Test |
|
(0087458) hudsonbot (developer) 2016-06-17 19:36 |
A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/0dc7be081b1c [^] Maturity status: Test |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2015-02-03 12:41 | jecharri | New Issue | |
| 2015-02-03 12:41 | jecharri | Assigned To | => AugustoMauch |
| 2015-02-03 12:41 | jecharri | Web browser | => Google Chrome |
| 2015-02-03 12:41 | jecharri | Modules | => Core |
| 2015-02-03 12:41 | jecharri | Resolution time | => 1425510000 |
| 2015-02-03 12:41 | jecharri | Triggers an Emergency Pack | => No |
| 2015-02-04 03:54 | Guillaume_Jump | Note Added: 0074063 | |
| 2015-02-09 12:38 | alostale | Status | new => scheduled |
| 2015-02-09 12:38 | alostale | Assigned To | AugustoMauch => NaroaIriarte |
| 2015-02-09 12:38 | alostale | fix_in_branch | => pi |
| 2015-02-25 08:40 | alostale | Relationship added | related to 0029057 |
| 2015-02-25 13:15 | caristu | Relationship added | related to 0029064 |
| 2015-03-04 12:17 | AugustoMauch | Issue Monitored: AugustoMauch | |
| 2015-03-04 12:17 | AugustoMauch | Review Assigned To | => AugustoMauch |
| 2015-03-04 12:17 | AugustoMauch | Web browser | Google Chrome => Google Chrome |
| 2015-03-04 12:17 | AugustoMauch | fix_in_branch | pi => |
| 2015-03-04 12:18 | hgbot | Checkin | |
| 2015-03-04 12:18 | hgbot | Note Added: 0075150 | |
| 2015-03-04 12:18 | hgbot | Status | scheduled => resolved |
| 2015-03-04 12:18 | hgbot | Resolution | open => fixed |
| 2015-03-04 12:18 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/afec99f5af4390c1360af46f504bd7399f709f32 [^] |
| 2015-03-04 12:19 | AugustoMauch | Note Added: 0075151 | |
| 2015-03-04 12:19 | AugustoMauch | Status | resolved => closed |
| 2015-03-04 12:19 | AugustoMauch | Fixed in Version | => 3.0PR15Q2 |
| 2015-03-04 12:26 | AugustoMauch | Web browser | Google Chrome => Google Chrome |
| 2015-03-04 12:26 | AugustoMauch | Steps to Reproduce Updated | View Revisions |
| 2015-03-04 12:27 | AugustoMauch | Note Added: 0075152 | |
| 2015-03-04 15:02 | hgbot | Checkin | |
| 2015-03-04 15:02 | hgbot | Note Added: 0075159 | |
| 2015-03-05 17:01 | hudsonbot | Checkin | |
| 2015-03-05 17:01 | hudsonbot | Note Added: 0075206 | |
| 2015-03-05 17:01 | hudsonbot | Checkin | |
| 2015-03-05 17:01 | hudsonbot | Note Added: 0075207 | |
| 2015-03-18 08:59 | alostale | Relationship added | related to 0024289 |
| 2015-03-18 08:59 | alostale | Relationship deleted | related to 0024289 |
| 2015-03-18 09:01 | alostale | Relationship added | related to 0029313 |
| 2015-03-18 09:19 | alostale | Relationship added | related to 0029326 |
| 2016-04-18 13:02 | hgbot | Checkin | |
| 2016-04-18 13:02 | hgbot | Note Added: 0085698 | |
| 2016-04-18 13:02 | hgbot | Status | closed => resolved |
| 2016-04-18 13:02 | hgbot | Fixed in SCM revision | http://code.openbravo.com/erp/devel/pi/rev/afec99f5af4390c1360af46f504bd7399f709f32 [^] => http://code.openbravo.com/erp/devel/pi/rev/98cf7142eebe2d555da6108bb5f51f68cc325afb [^] |
| 2016-04-18 13:02 | hgbot | Checkin | |
| 2016-04-18 13:02 | hgbot | Note Added: 0085699 | |
| 2016-04-19 09:54 | gorkaion | Note Added: 0085734 | |
| 2016-04-19 09:54 | gorkaion | Status | resolved => closed |
| 2016-06-17 19:36 | hudsonbot | Checkin | |
| 2016-06-17 19:36 | hudsonbot | Note Added: 0087457 | |
| 2016-06-17 19:36 | hudsonbot | Checkin | |
| 2016-06-17 19:36 | hudsonbot | Note Added: 0087458 | |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |