Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0032354 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| defect | [Openbravo ERP] A. Platform | minor | always | 2016-02-26 08:53 | 2016-03-17 10:56 | |||
| Reporter | alostale | View Status | public | |||||
| Assigned To | alostale | |||||||
| Priority | normal | Resolution | fixed | Fixed in Version | 3.0PR16Q2 | |||
| Status | closed | Fix in branch | Fixed in SCM revision | fd863146a4f4 | ||||
| Projection | none | ETA | none | Target Version | ||||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | SCM revision | |||||||
| Review Assigned To | caristu | |||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0032354: field edit access doesn't allow to save if tab contains audit fields in its AD definition | |||||||
| Description | If a role has editable access to some fields in a tab that includes updated/updated by fields and in the editable permissions these fields are not included, when trying to edited any of the granted fields, an error message is seen and the operation is rolled back. Though these fields are not required to be included in the tab because they are always automatically included, it is not prevented and, in fact, there are some windows tabs that include them [1]. Checking those fields if any other is editable, has no sense because they are always updated in any edition. --- [1] There are 25 tabs in this situation: select w.name window_name, t.name tab_name from ad_column c, ad_field f, ad_tab t, ad_window w where (columnname ilike 'created' or columnname ilike 'updated') and f.ad_column_id = c.ad_column_id and f.isactive='Y' and t.ad_tab_id = f.ad_tab_id and t.isactive='Y' and t.ad_window_id = w.ad_window_id and w.isactive='Y' order by 1,2 | |||||||
| Steps To Reproduce | 1. Login as Group Admin 2. Create a Role with - User Level: Client+Org - Org Access: España Región Sur - User Assignment: Openbravo - Window Access: - Window: Sales Invoice - Editable: No - Tab Access - Tab: Header - Editable: No - Field Access - Field: Description - Editable: Yes 3. Login with that role 4. Open Sales invoice and select any invoice in España Sur organization 5. Try to edit description field -> ERROR: Saving failed. Simple Role does not have access to the field Creation Date | |||||||
| Proposed Solution | Audit fields shouldn't be checked even they are not explicitly granted for edition. | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
||||||||
|
||||||||
 Relationships |
|
Notes |
|
|
(0084538) hgbot (developer) 2016-02-26 08:59 |
Repository: erp/devel/pi Changeset: fd863146a4f43e4e7589a83979fb00425643209a Author: Asier Lostalé <asier.lostale <at> openbravo.com> Date: Fri Feb 26 08:57:54 2016 +0100 URL: http://code.openbravo.com/erp/devel/pi/rev/fd863146a4f43e4e7589a83979fb00425643209a [^] fixed bug 32354: field edit access doesn't allow to save if tab contains audit For tabs that explicitly define their audit (updated/updated by) fields, roles with access to edit only some fields couldn't save unless in those fields audit were also included. Now audit fields are not checked for this validation as they are always updated on any allowed modification. --- M modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/DefaultDataSourceService.java --- |
|
(0084563) caristu (developer) 2016-02-26 12:58 |
Code review + tested OK |
|
(0085170) hudsonbot (developer) 2016-03-17 10:56 |
A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/b22fb0500156 [^] Maturity status: Test |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2016-02-26 08:53 | alostale | New Issue | |
| 2016-02-26 08:53 | alostale | Assigned To | => platform |
| 2016-02-26 08:53 | alostale | Modules | => Core |
| 2016-02-26 08:53 | alostale | Triggers an Emergency Pack | => No |
| 2016-02-26 08:54 | alostale | Review Assigned To | => caristu |
| 2016-02-26 08:54 | alostale | Description Updated | View Revisions |
| 2016-02-26 08:54 | alostale | Relationship added | related to 0032292 |
| 2016-02-26 08:54 | alostale | Assigned To | platform => alostale |
| 2016-02-26 08:59 | hgbot | Checkin | |
| 2016-02-26 08:59 | hgbot | Note Added: 0084538 | |
| 2016-02-26 08:59 | hgbot | Status | new => resolved |
| 2016-02-26 08:59 | hgbot | Resolution | open => fixed |
| 2016-02-26 08:59 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/fd863146a4f43e4e7589a83979fb00425643209a [^] |
| 2016-02-26 12:58 | caristu | Note Added: 0084563 | |
| 2016-02-26 12:58 | caristu | Status | resolved => closed |
| 2016-02-26 12:58 | caristu | Fixed in Version | => 3.0PR16Q2 |
| 2016-03-17 10:56 | hudsonbot | Checkin | |
| 2016-03-17 10:56 | hudsonbot | Note Added: 0085170 | |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |