Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0033194
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Openbravo ERP] A. Platformmajoralways2016-06-08 14:432016-06-17 19:38
ReporteraferrazView Statuspublic 
Assigned Toalostale 
PriorityurgentResolutionfixedFixed in Version3.0PR16Q3
StatusclosedFix in branchFixed in SCM revision7c7933ca1dca
ProjectionnoneETAnoneTarget Version3.0PR16Q3
OSLinux 64 bitDatabasePostgreSQLJava version1.6.0_18
OS VersionProfessional ApplianceDatabase version8.3.9Ant version1.7.1
Product VersionSCM revision 
Review Assigned Toinigosanchez
Web browser
ModulesCore
Regression levelPre packaging ( pi )
Regression date2016-04-22
Regression introduced in releasepi
Regression introduced by commithttps://code.openbravo.com/erp/devel/pi/rev/daf66237fa614b8fd8e72b08b17bcd893ed5e264 [^]
Triggers an Emergency PackNo
Summary

0033194: Access not granted to Multi Selector Entity

DescriptionAccess not granted to Multi Selector Entity
Steps To ReproduceAs System Admin:
- Create a new Reference child of OBUISEL_Multi Selector Reference reference.
- Add a defined selector with ADTablePostV table.
- Create a new Process Definition.
- Add a parameter with created reference.

As F&B Admin:
- Access to created process definition
- Open the multi selector
- Realize the following error is shown:
Entity ADTablePostV is not accessible by this role/user: F&B International Group Admin/Openbravo
Proposed SolutionAttached possible solution
TagsNo tags attached.
Attached Filesdiff file icon 33194.diff [^] (1,730 bytes) 2016-06-08 14:46 [Show Content]

- Relationships Relation Graph ] Dependency Graph ]
caused by feature request 00327283.0PR16Q3 closedinigosanchez Standard datasources should check entity access. 
blocks defect 00330633.0PR16Q3 closedmarkmm82 It should be possible to run "Reset Accounting" process for several organization at once 

-  Notes
(0087110)
hgbot (developer)
2016-06-09 10:29

Repository: erp/devel/pi
Changeset: 7c7933ca1dca65cc09c5f9c790b78c45484d286f
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Thu Jun 09 10:27:43 2016 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/7c7933ca1dca65cc09c5f9c790b78c45484d286f [^]

fixed bug 33194: Access not granted to Multiple Selector

  When a mulitple selector was added to a proccess definition, access to its
  enttity was not automatically granted, causing potential data request denial.

  Now multiple selector reference is taken into account to grant privileges when
  included in a process definition.

---
M src/org/openbravo/dal/security/EntityAccessChecker.java
---
(0087152)
inigosanchez (developer)
2016-06-10 12:44

Code reviewed in pi@f517e8c6bf44
(0087598)
hudsonbot (developer)
2016-06-17 19:38

A changeset related to this issue has been promoted main and to the
Central Repository, after passing a series of tests.

Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/0dc7be081b1c [^]
Maturity status: Test

- Issue History
Date Modified Username Field Change
2016-06-08 14:43 aferraz New Issue
2016-06-08 14:43 aferraz Assigned To => platform
2016-06-08 14:43 aferraz Modules => Core
2016-06-08 14:43 aferraz Triggers an Emergency Pack => No
2016-06-08 14:44 aferraz Relationship added blocks 0033063
2016-06-08 14:46 aferraz Proposed Solution updated
2016-06-08 14:46 aferraz File Added: 33194.diff
2016-06-09 10:17 alostale Relationship added related to 0032728
2016-06-09 10:22 alostale Assigned To platform => alostale
2016-06-09 10:23 alostale Review Assigned To => inigosanchez
2016-06-09 10:25 alostale Regression level => Pre packaging ( pi )
2016-06-09 10:25 alostale Regression date => 2016-04-22
2016-06-09 10:25 alostale Regression introduced in release => pi
2016-06-09 10:25 alostale Regression introduced by commit => https://code.openbravo.com/erp/devel/pi/rev/daf66237fa614b8fd8e72b08b17bcd893ed5e264 [^]
2016-06-09 10:25 alostale Relationship replaced caused by 0032728
2016-06-09 10:29 hgbot Checkin
2016-06-09 10:29 hgbot Note Added: 0087110
2016-06-09 10:29 hgbot Status new => resolved
2016-06-09 10:29 hgbot Resolution open => fixed
2016-06-09 10:29 hgbot Fixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/7c7933ca1dca65cc09c5f9c790b78c45484d286f [^]
2016-06-10 12:44 inigosanchez Note Added: 0087152
2016-06-10 12:44 inigosanchez Status resolved => closed
2016-06-10 12:44 inigosanchez Fixed in Version => 3.0PR16Q3
2016-06-17 19:38 hudsonbot Checkin
2016-06-17 19:38 hudsonbot Note Added: 0087598


Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker