Anonymous | Login

Project:

News | My View | View Issues | Roadmap | Summary

View Issue Details[ Jump to Notes ]

[ Issue History ] [ Print ]

ID

0029175

Type

Category

Severity

Reproducibility

Date Submitted

Last Update

design defect

[Openbravo ERP] 09. Financial management

major

have not tried

2015-03-06 14:51

2015-03-12 07:45

Reporter

jonalegriaesarte

View Status

public

Assigned To

AugustoMauch

Priority

high

Resolution

open

Fixed in Version

Status

acknowledged

Fix in branch

Fixed in SCM revision

Projection

none

ETA

none

Target Version

OS

Any

Database

Any

Java version

OS Version

Database version

Ant version

Product Version

SCM revision

Review Assigned To

Web browser

Modules

Core

Regression level

Regression date

Regression introduced in release

Regression introduced by commit

Triggers an Emergency Pack

No

Summary

0029175: Account selector in General ledger report can not be used depending on the permissions to the role

Description

Account selector in General ledger report can not be used depending on the permissions to the role. This makes the report not usable

Steps To Reproduce

- Create a testing role, set as manual
- Provide access to org F&B España, user Openbravo and General ledger report
- Logout and login using the new role
- Access to report and try to use the selector. System provides an error.

Tags

No tags attached.

Relationships [ Relation Graph ] [ Dependency Graph ]

related to	design defect	0029231		new	Triage Platform Base	Define createLinesFrom process and posted process as an OB standard process.
depends on	backport	0029213	3.0PR15Q3	closed	AugustoMauch	Account selector in General ledger report can not be used depending on the permissions to the role

Notes
(0075445) vmromanos (manager) 2015-03-11 13:34	Forward to platform: Problem found in HttpSecureAppServlet.java, method hasGeneralAccess(). The SeguridadData.selectAccessSearch() query only takes into account Windows, but this is a Report, so no ad_window_access is found. Proposed solution: Query should be changed, or alternatively hack in hasAccess() method to control that situation. Note that other selectors (Multiple Business Partner, Project, etc.) show data in this scenario, so this selector must have the same logic.

(0075467) alostale (manager) 2015-03-12 07:45	Moving to design defect: similar case than 0029213 regarding defects in the design of 2.50 components securization. Accessibility for 2.50 selectors is granted only if the selector is used in any of the windows accessible with the current role. This cannot be implemented for manual reports because they don't define in AD which are the references they use as parameter. This is the case of the account selector. Multiple selectors are not considered in this sense as selectors because they are not defined in AD as reference because they can't be used in standard windows. Therefore they're directly defined as "AD Implementation Mapping", in this case the only initial restriction to get access is to be logged in the application but other security rules, if any, must be implemented by the servlet.

Issue History
Date Modified	Username	Field	Change
2015-03-06 14:51	jonalegriaesarte	New Issue
2015-03-06 14:51	jonalegriaesarte	Assigned To	=> Sandrahuguet
2015-03-06 14:51	jonalegriaesarte	Modules	=> Core
2015-03-06 14:51	jonalegriaesarte	Resolution time	=> 1427238000
2015-03-06 14:51	jonalegriaesarte	Triggers an Emergency Pack	=> No
2015-03-10 11:06	jorge-garcia	Status	new => scheduled
2015-03-10 11:06	jorge-garcia	Assigned To	Sandrahuguet => jorge-garcia
2015-03-11 13:34	vmromanos	Assigned To	jorge-garcia => AugustoMauch
2015-03-11 13:34	vmromanos	Note Added: 0075445
2015-03-12 07:37	alostale	Relationship added	related to 0029231
2015-03-12 07:45	alostale	Resolution time	1427238000 =>
2015-03-12 07:45	alostale	Note Added: 0075467
2015-03-12 07:45	alostale	Status	scheduled => acknowledged
2015-03-12 07:45	alostale	Type	defect => design defect
2015-03-12 07:45	alostale	Target Version	3.0PR15Q3 =>

Copyright © 2000 - 2009 MantisBT Group