Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0029759
TypeCategorySeverityReproducibilityDate SubmittedLast Update
backport[Openbravo ERP] A. Platformminoralways2015-02-23 18:262015-05-05 08:07
ReportermaiteView Statuspublic 
Assigned Toinigosanchez 
PriorityimmediateResolutionfixedFixed in Version3.0PR15Q2
StatusclosedFix in branchFixed in SCM revision6f1dbff918d9
ProjectionnoneETAnoneTarget Version3.0PR15Q2
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Merge Request Status
Review Assigned Toalostale
OBNetwork customerOBPS
Web browser
ModulesCore
Support ticket34318
Regression levelProduction - Confirmed Stable
Regression date2014-11-13
Regression introduced in release3.0PR15Q1
Regression introduced by commithttps://code.openbravo.com/erp/devel/pi/rev/c0aa8da15e9c [^]
Triggers an Emergency PackNo
Summary

0029759: Process definition containing parameters defined as "window", should automatically inherit permissions

DescriptionProcess definition containing parameters defined as "window", should automatically inherit permissions
Steps To Reproduce1. Access application and change to use a manual role, as "EspaƱa Finance"
2. Access Sales Invoice "1000133" and run "Add payment" process
3. Realize that no data is shown in "Order/Invoice" grid. Problem is that this role has not access to windows contained in that process definition.

Following error can be found in openbravo.log:

2015-02-23 18:16:27,072 [ajp-localhost%2F127.0.0.1-8809-10] ERROR org.openbravo.client.kernel.KernelUtils - AccessTableNoView
org.openbravo.client.kernel.OBUserException: AccessTableNoView
    at org.openbravo.service.datasource.DataSourceServlet.doPost(DataSourceServlet.java:742)
    
TagsApproved
Attached Files

- Relationships Relation Graph ] Dependency Graph ]
blocks defect 0029035 closedinigosanchez Process definition containing parameters defined as "window", should automatically inherit permissions 

-  Notes
(0076946)
hgbot (developer)
2015-05-04 14:48

 Repository: erp/backports/3.0PR15Q2
Changeset: 6f1dbff918d98e5e88e3790dddaaec97ea76d37d
Author: Inigo Sanchez <inigo.sanchez <at> openbravo.com>
Date: Mon May 04 14:01:49 2015 +0200
URL: http://code.openbravo.com/erp/backports/3.0PR15Q2/rev/6f1dbff918d98e5e88e3790dddaaec97ea76d37d [^]

Fixed bug 29759:Problems with inherited permissions in process definition

The problem was that when a process containing parameters defined as "window" is launched , this manual role has
not access to windows contained in that process definition.

The cause of this issue is that before 14Q3, no security check was done on P&E grids, so data always was retrieved.
From 15Q1, security is checked requiring explicit access to P&E grid.

The issue is fixed by inheriting access from the process, this is if the process is accessible the grid within the
P&E doesn't require to have explicit access but inherits from the process itself.

---
M modules/org.openbravo.client.application/src/org/openbravo/client/application/process/BaseProcessActionHandler.java
M modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DataSourceServlet.java
---
(0076979)
alostale (viewer)
2015-05-05 08:07

 code reviewed

tested in:
* Process defined as a button in a standard window
* Process accessed from menu

- Issue History
Date Modified Username Field Change
2015-05-04 12:15 alostale Type defect => backport
2015-05-04 12:15 alostale Target Version => 3.0PR15Q2.1
2015-05-04 12:46 dmitry_mezentsev Tag Attached: Approved
2015-05-04 14:45 inigosanchez Issue Monitored: alostale
2015-05-04 14:45 inigosanchez Review Assigned To => alostale
2015-05-04 14:48 hgbot Checkin
2015-05-04 14:48 hgbot Note Added: 0076946
2015-05-04 14:48 hgbot Status scheduled => resolved
2015-05-04 14:48 hgbot Resolution open => fixed
2015-05-04 14:48 hgbot Fixed in SCM revision => http://code.openbravo.com/erp/backports/3.0PR15Q2/rev/6f1dbff918d98e5e88e3790dddaaec97ea76d37d [^]
2015-05-04 15:34 inigosanchez Target Version 3.0PR15Q2.1 => 3.0PR15Q2
2015-05-05 08:07 alostale Note Added: 0076979
2015-05-05 08:07 alostale Status resolved => closed
2015-05-05 08:07 alostale Fixed in Version => 3.0PR15Q2

Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker