Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0002958 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| defect | [Openbravo ERP] C. Security | minor | always | 2008-05-06 14:51 | 2008-06-19 19:26 | |||
| Reporter | user71 | View Status | public | |||||
| Assigned To | user71 | |||||||
| Priority | normal | Resolution | fixed | Fixed in Version | 2.40alpha-r2 | |||
| Status | closed | Fix in branch | Fixed in SCM revision | |||||
| Projection | none | ETA | none | Target Version | ||||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | SCM revision | |||||||
| Merge Request Status | ||||||||
| Review Assigned To | ||||||||
| OBNetwork customer | No | |||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Support ticket | ||||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0002958: Can delete records from client 0 without access permission | |||||||
| Description | Problem: - For delete in datagrids always has permision on records from client 0. Steps: - With role System Administrator create a user. - Change role to and other with less priviliges(e.g. role b) - Go to users and in edit mode you can't delete the record, but in RELATIONAL mode you CAN DELETE the record. | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
|
 Relationships |
|
Notes |
|
|
(0003668) user71 2008-05-06 14:58 edited on: 2008-06-12 09:26 |
Logged In: YES user_id=1964080 Originator: YES Fixed since revision 3967 in the trunk - Added windowId and accessLevel control for delete in datagrids Change Utility.getContext(this, vars, "#User_Client", "win") into Utility.getContext(this, vars, "#User_Client", WindowId, accessLevel) |
|
(0006547) user71 2005-06-01 00:00 edited on: 2008-06-12 09:43 |
This bug was originally reported in SourceForge bug tracker and then migrated to Mantis. You can see the original bug report in: https://sourceforge.net/support/tracker.php?aid=1958704 [^] |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2008-06-19 19:26 | psarobe | Status | resolved => closed |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |