Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0029760 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| backport | [Openbravo ERP] A. Platform | minor | always | 2015-02-23 18:26 | 2015-05-05 08:07 | |||
| Reporter | maite | View Status | public | |||||
| Assigned To | inigosanchez | |||||||
| Priority | immediate | Resolution | fixed | Fixed in Version | 3.0PR15Q1.4 | |||
| Status | closed | Fix in branch | Fixed in SCM revision | 083eafe9b829 | ||||
| Projection | none | ETA | none | Target Version | 3.0PR15Q1.4 | |||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | SCM revision | |||||||
| Review Assigned To | alostale | |||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Regression level | Production - Confirmed Stable | |||||||
| Regression date | 2014-11-13 | |||||||
| Regression introduced in release | 3.0PR15Q1 | |||||||
| Regression introduced by commit | https://code.openbravo.com/erp/devel/pi/rev/c0aa8da15e9c [^] | |||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0029760: Process definition containing parameters defined as "window", should automatically inherit permissions | |||||||
| Description | Process definition containing parameters defined as "window", should automatically inherit permissions | |||||||
| Steps To Reproduce | 1. Access application and change to use a manual role, as "EspaƱa Finance" 2. Access Sales Invoice "1000133" and run "Add payment" process 3. Realize that no data is shown in "Order/Invoice" grid. Problem is that this role has not access to windows contained in that process definition. Following error can be found in openbravo.log: 2015-02-23 18:16:27,072 [ajp-localhost%2F127.0.0.1-8809-10] ERROR org.openbravo.client.kernel.KernelUtils - AccessTableNoView org.openbravo.client.kernel.OBUserException: AccessTableNoView at org.openbravo.service.datasource.DataSourceServlet.doPost(DataSourceServlet.java:742) | |||||||
| Tags | Approved | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
||||||||
|
||||||||
 Relationships |
|
Notes |
|
|
(0076947) hgbot (developer) 2015-05-04 14:52 |
Repository: erp/backports/3.0PR15Q1.4 Changeset: 083eafe9b829ae26676427c11680caefc39ce38b Author: Inigo Sanchez <inigo.sanchez <at> openbravo.com> Date: Mon May 04 14:06:00 2015 +0200 URL: http://code.openbravo.com/erp/backports/3.0PR15Q1.4/rev/083eafe9b829ae26676427c11680caefc39ce38b [^] Fixed bug 29760:Problems with inherited permissions in process definition The problem was that when a process containing parameters defined as "window" is launched , this manual role has not access to windows contained in that process definition. The cause of this issue is that before 14Q3, no security check was done on P&E grids, so data always was retrieved.From 15Q1, security is checked requiring explicit access to P&E grid. The issue is fixed by inheriting access from the process, this is if the process is accessible the grid within the P&E doesn't require to have explicit access but inherits from the process itself. --- M modules/org.openbravo.client.application/src/org/openbravo/client/application/process/BaseProcessActionHandler.java M modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DataSourceServlet.java --- |
|
(0076980) alostale (manager) 2015-05-05 08:07 |
code reviewed tested in: * Process defined as a button in a standard window * Process accessed from menu |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2015-05-04 12:15 | alostale | Type | defect => backport |
| 2015-05-04 12:15 | alostale | Target Version | => 3.0PR15Q1.4 |
| 2015-05-04 12:25 | ngarcia | Issue Monitored: ngarcia | |
| 2015-05-04 12:46 | dmitry_mezentsev | Tag Attached: Approved | |
| 2015-05-04 14:45 | inigosanchez | Issue Monitored: alostale | |
| 2015-05-04 14:51 | inigosanchez | Review Assigned To | => alostale |
| 2015-05-04 14:52 | hgbot | Checkin | |
| 2015-05-04 14:52 | hgbot | Note Added: 0076947 | |
| 2015-05-04 14:52 | hgbot | Status | scheduled => resolved |
| 2015-05-04 14:52 | hgbot | Resolution | open => fixed |
| 2015-05-04 14:52 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/backports/3.0PR15Q1.4/rev/083eafe9b829ae26676427c11680caefc39ce38b [^] |
| 2015-05-05 08:07 | alostale | Note Added: 0076980 | |
| 2015-05-05 08:07 | alostale | Status | resolved => closed |
| 2015-05-05 08:07 | alostale | Fixed in Version | => 3.0PR15Q1.4 |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |