0032628: cannot propagate privileges if a template role has been used in a session

Description

When a standard role that has been used in sessions, is marked as template and tried to be set as parent for another role, privileges propagation fails and the parent-child relationship cannot be saved.

Steps To Reproduce

1. Create a new role:
  * name: bt
  * level: client+org
  * manual: yes
  * template: no
    * org access: España Norte
    * user: assignment: Openbravo
    * window access: Sales Order
2. Login with Openbravo user using that role
3. Open Sales Order window
4. Edit that role to set template=yes
5. Create a new manual role with client+org access level
6. In Role Inheritance tab add a new record inherit from: bt
  -> ERROR in UI: Saving failed. With your current role this action is not allowed.
     In logs: 3475468 [http-8080-2] ERROR org.openbravo.base.exception.OBSecurityException - Client (0) of object (ADPreference(ECFEC09198D847CAB8C2881B86D438EF) (property: UINAVBA_MenuRecentList)) is not present in ClientList 23C59575B9CF467C9620760EB255B389
org.openbravo.base.exception.OBSecurityException: Client (0) of object (ADPreference(ECFEC09198D847CAB8C2881B86D438EF) (property: UINAVBA_MenuRecentList)) is not present in ClientList 23C59575B9CF467C9620760EB255B389
    at org.openbravo.dal.security.SecurityChecker.checkWriteAccess(SecurityChecker.java:171)
    at org.openbravo.dal.core.OBInterceptor.doEvent(OBInterceptor.java:343)
    at org.openbravo.dal.core.OBInterceptor.onSave(OBInterceptor.java:225)
    at org.hibernate.event.def.AbstractSaveEventListener.substituteValuesIfNecessary(AbstractSaveEventListener.java:413)
    at org.hibernate.event.def.AbstractSaveEventListener.performSaveOrReplicate(AbstractSaveEventListener.java:292)
    at org.hibernate.event.def.AbstractSaveEventListener.performSave(AbstractSaveEventListener.java:203)
    at org.hibernate.event.def.AbstractSaveEventListener.saveWithGeneratedId(AbstractSaveEventListener.java:143)
    at org.hibernate.event.def.DefaultSaveOrUpdateEventListener.saveWithGeneratedOrRequestedId(DefaultSaveOrUpdateEventListener.java:210)
    at org.hibernate.event.def.DefaultSaveOrUpdateEventListener.entityIsTransient(DefaultSaveOrUpdateEventListener.java:195)
    at org.hibernate.event.def.DefaultSaveOrUpdateEventListener.performSaveOrUpdate(DefaultSaveOrUpdateEventListener.java:117)
    at org.hibernate.event.def.DefaultSaveOrUpdateEventListener.onSaveOrUpdate(DefaultSaveOrUpdateEventListener.java:93)
    at org.hibernate.impl.SessionImpl.fireSaveOrUpdate(SessionImpl.java:685)
    at org.hibernate.impl.SessionImpl.saveOrUpdate(SessionImpl.java:677)
    at org.openbravo.dal.core.SessionHandler.save(SessionHandler.java:176)
    at org.openbravo.dal.service.OBDal.save(OBDal.java:249)
    at org.openbravo.role.inheritance.RoleInheritanceManager.copyRoleAccess(RoleInheritanceManager.java:124)
    at org.openbravo.role.inheritance.RoleInheritanceManager.handleAccess(RoleInheritanceManager.java:587)
    at org.openbravo.role.inheritance.RoleInheritanceManager.calculateAccesses(RoleInheritanceManager.java:539)
    at org.openbravo.role.inheritance.RoleInheritanceManager.calculateAccesses(RoleInheritanceManager.java:509)
    at org.openbravo.role.inheritance.RoleInheritanceManager.applyNewInheritance(RoleInheritanceManager.java:200)

Tags

No tags attached.

Attached Files

Relationships [ Relation Graph ] [ Dependency Graph ]

blocks

defect

0032626

closed

caristu

cannot propagate privileges if a template role has been used in a session

Notes
(0085648) hgbot (developer) 2016-04-14 17:49	Repository: erp/backports/3.0PR16Q2 Changeset: 7cff9e8c97c25672f4ed24b0ff862d0db82ee397 Author: Carlos Aristu <carlos.aristu <at> openbravo.com> Date: Thu Apr 14 17:49:21 2016 +0200 URL: http://code.openbravo.com/erp/backports/3.0PR16Q2/rev/7cff9e8c97c25672f4ed24b0ff862d0db82ee397 [^] fixes issue 32628: cannot propagate privileges if a template role has been used Now the client/org check is skipped when propagating changes (create, remove, update) privileges. This is done by using the OBContext.setAdminMode(false). Besides, the UINAVBA_MenuRecentList preference has been included into the preference black list, which is a list that prevents the propagation of all the preferences included within it. --- M src/org/openbravo/role/inheritance/RoleInheritanceManager.java M src/org/openbravo/role/inheritance/access/PreferenceAccessInjector.java ---

(0085688) alostale (manager) 2016-04-18 08:36	code reviewed + tested

Issue History
Date Modified	Username	Field	Change
2016-04-08 12:24	alostale	Type	defect => backport
2016-04-08 12:24	alostale	Target Version	=> 3.0PR16Q2
2016-04-14 17:49	hgbot	Checkin
2016-04-14 17:49	hgbot	Note Added: 0085648
2016-04-14 17:49	hgbot	Status	scheduled => resolved
2016-04-14 17:49	hgbot	Resolution	open => fixed
2016-04-14 17:49	hgbot	Fixed in SCM revision	=> http://code.openbravo.com/erp/backports/3.0PR16Q2/rev/7cff9e8c97c25672f4ed24b0ff862d0db82ee397 [^]
2016-04-18 08:36	alostale	Assigned To	platform => caristu
2016-04-18 08:36	alostale	Review Assigned To	=> alostale
2016-04-18 08:36	alostale	Note Added: 0085688
2016-04-18 08:36	alostale	Status	resolved => closed
2016-04-18 08:36	alostale	Fixed in Version	=> 3.0PR16Q2