Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0030057 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| defect | [Openbravo ERP] C. Security | major | always | 2015-06-01 09:16 | 2015-06-26 15:57 | |||
| Reporter | yogaskarnik | View Status | public | |||||
| Assigned To | aferraz | |||||||
| Priority | urgent | Resolution | fixed | Fixed in Version | ||||
| Status | closed | Fix in branch | Fixed in SCM revision | 1c428b6ceb65 | ||||
| Projection | none | ETA | none | Target Version | ||||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | pi | SCM revision | ||||||
| Review Assigned To | vmromanos | |||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0030057: Org Access added automatically to all roles | |||||||
| Description | When a new organization is created Org Access tab under Role window is automatically populated with the new Organization created. Some inconsistent behavior observed: 1. When you create a new organization Org Access is added automatically to all the Automatic Roles. 2. When you create an Automatic Role, no Organization Access is given to the Role created. | |||||||
| Steps To Reproduce | Steps to reproduce: 1. Login 2. Go to Initial Org Setup 3. Fill the form and Click Ok button 4. Go to Role Window filter for Manual=NO 5. Check any Role record and notice the new organization is automatically added under Org Access tab of that role. | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
||||||||||||||||||||||
|
||||||||||||||||||||||
 Relationships |
|
Notes |
|
|
(0078049) aferraz (manager) 2015-06-04 10:16 edited on: 2015-06-25 18:50 |
Test plan: As F&B Admin: - Create a role with "System" user level and manual = "N". Realize in Org Access a line is created with * org and organization administrator = "N" - Create a role with "Client" user level and manual = "N". Realize in Org Access there is a line for * org with organization administrator = "N" - Create a role with "Client+Organization" user level and manual = "N". Realize in Org Access lines for every org are created with organization administrator = "Y", including * org with organization administrator = "N" - Create a role with "Organization" user level and manual = "N". Realize in Org Access lines for every org are created with organization administrator = "Y" - Repeat the same flows but creating the role with flag manual = "Y" and realize no lines are created in Org Access. - Delete "System" level roles, in order to be able to create a new organization. - Go to Initial Organization Setup window and create a new organization named "Org", username = "Org", password = "Org", type = "Generic", parent = "España". - Realize process finishes successfully. - Go to Role window and realize a new Role named "Org" has been created with "Organization" user level and manual = "N". Realize in Org Access lines we only have access to the new organization "Org" As System Admin: - Go to Initial Client Setup window and create a new client named "Cliente". - Realize process finishes successfully. - Go to Role window and realize a new Role named "Cliente" has been created with "Client+Organization" user level and manual = "N". Realize in Org Access line for * org has been created, with organization administrator = "N" As Cliente Admin: - Go to Role window and realize a new role named "Cliente" has been created with Org Access to * org with organization administrator = "N" |
|
(0078523) hgbot (developer) 2015-06-26 09:36 |
Repository: erp/devel/pi Changeset: 1c428b6ceb65de1b430ee8f626465ec95d1c7f0d Author: Alvaro Ferraz <alvaro.ferraz <at> openbravo.com> Date: Fri Jun 05 15:21:15 2015 +0200 URL: http://code.openbravo.com/erp/devel/pi/rev/1c428b6ceb65de1b430ee8f626465ec95d1c7f0d [^] Fixes issue 30057: Org Access added automatically to automatic roles Org Access will be automatically created when creating a new no manual role following this rule: System user level: * organization with Organization Administrator flag = N. Client user level: * organization with Organization Administrator flag = N and all the rest of organizations of the client with Organization Administrator flag = Y. Client+Organization user level: * organization with Organization Administrator flag = N and all the rest of organizations of the client with Organization Administrator flag = Y. Organization user level: all the rest of organizations of the client (excluding * organization) with Organization Administrator flag = Y. --- M src/org/openbravo/erpCommon/businessUtility/InitialClientSetup.java M src/org/openbravo/erpCommon/businessUtility/InitialOrgSetup.java A src/org/openbravo/event/RoleEventHandler.java --- |
|
(0078524) hgbot (developer) 2015-06-26 09:36 |
Repository: erp/devel/pi Changeset: d7e8168bd47b97c016ab4fd54ef2b83bb849c09b Author: Víctor Martínez Romanos <victor.martinez <at> openbravo.com> Date: Thu Jun 25 18:56:49 2015 +0200 URL: http://code.openbravo.com/erp/devel/pi/rev/d7e8168bd47b97c016ab4fd54ef2b83bb849c09b [^] Related to issue 30057: code review preview Removed flushes from RoleEventHandler because they create conflicts. As a consequence we lose the ability to clear the session, but this shouldn't be a problem because it's very unlikely to have environments with great amount of organizations. In RoleEventHandler we only create access to * organization when access level is Client (before this changeset it created also records for other organizations and it is useless). Reverted changes for Initial Client/Organization Setup. RoleEventHandler won't do anything if executed from an Initial Client/Organization Setup (this change is a way to isolate the problems reported at 0030253) Added log4j to RoleEventHandler. Removed admin mode from RoleEventHandler because it's not needed (the user always has access t the entities involved in the process). --- M src/org/openbravo/erpCommon/businessUtility/InitialClientSetup.java M src/org/openbravo/erpCommon/businessUtility/InitialOrgSetup.java M src/org/openbravo/event/RoleEventHandler.java --- |
|
(0078525) vmromanos (manager) 2015-06-26 09:37 |
Code review + testing OK |
|
(0078546) hudsonbot (developer) 2015-06-26 15:57 |
A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/60ba8db95a9d [^] Maturity status: Test |
|
(0078547) hudsonbot (developer) 2015-06-26 15:57 |
A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/60ba8db95a9d [^] Maturity status: Test |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2015-06-01 09:16 | yogaskarnik | New Issue | |
| 2015-06-01 09:16 | yogaskarnik | Assigned To | => platform |
| 2015-06-01 09:16 | yogaskarnik | Modules | => Core |
| 2015-06-01 09:16 | yogaskarnik | Resolution time | => 1433368800 |
| 2015-06-01 09:16 | yogaskarnik | Regression introduced in release | => 3.0PR14Q3.8 |
| 2015-06-01 09:16 | yogaskarnik | Triggers an Emergency Pack | => No |
| 2015-06-01 17:32 | alostale | Assigned To | platform => Triage Finance |
| 2015-06-02 09:57 | yogaskarnik | Resolution time | 1433368800 => 1435874400 |
| 2015-06-02 09:57 | yogaskarnik | Regression introduced in release | 3.0PR14Q3.8 => |
| 2015-06-02 09:57 | yogaskarnik | Priority | high => urgent |
| 2015-06-02 09:57 | yogaskarnik | Severity | minor => major |
| 2015-06-02 09:57 | yogaskarnik | version | => pi |
| 2015-06-02 18:10 | yogaskarnik | Description Updated | View Revisions |
| 2015-06-02 18:10 | yogaskarnik | Steps to Reproduce Updated | View Revisions |
| 2015-06-03 09:53 | yogaskarnik | Description Updated | View Revisions |
| 2015-06-03 18:44 | aferraz | Status | new => scheduled |
| 2015-06-03 18:44 | aferraz | Assigned To | Triage Finance => aferraz |
| 2015-06-03 19:06 | aferraz | Relationship added | related to 0010548 |
| 2015-06-04 10:16 | aferraz | Note Added: 0078049 | |
| 2015-06-04 11:03 | aferraz | Note Edited: 0078049 | View Revisions |
| 2015-06-04 12:57 | aferraz | Note Edited: 0078049 | View Revisions |
| 2015-06-04 12:58 | aferraz | Note Edited: 0078049 | View Revisions |
| 2015-06-08 10:26 | aferraz | Note Edited: 0078049 | View Revisions |
| 2015-06-25 17:44 | vmromanos | Note Edited: 0078049 | View Revisions |
| 2015-06-25 18:50 | vmromanos | Note Edited: 0078049 | View Revisions |
| 2015-06-26 09:16 | vmromanos | Relationship added | related to 0030253 |
| 2015-06-26 09:36 | hgbot | Checkin | |
| 2015-06-26 09:36 | hgbot | Note Added: 0078523 | |
| 2015-06-26 09:36 | hgbot | Status | scheduled => resolved |
| 2015-06-26 09:36 | hgbot | Resolution | open => fixed |
| 2015-06-26 09:36 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/1c428b6ceb65de1b430ee8f626465ec95d1c7f0d [^] |
| 2015-06-26 09:36 | hgbot | Checkin | |
| 2015-06-26 09:36 | hgbot | Note Added: 0078524 | |
| 2015-06-26 09:37 | vmromanos | Review Assigned To | => vmromanos |
| 2015-06-26 09:37 | vmromanos | Note Added: 0078525 | |
| 2015-06-26 09:37 | vmromanos | Status | resolved => closed |
| 2015-06-26 15:57 | hudsonbot | Checkin | |
| 2015-06-26 15:57 | hudsonbot | Note Added: 0078546 | |
| 2015-06-26 15:57 | hudsonbot | Checkin | |
| 2015-06-26 15:57 | hudsonbot | Note Added: 0078547 | |
| 2017-06-30 13:35 | jonibc | Relationship added | related to 0036379 |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |