Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0033826
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Retail Modules] Web POSminorhave not tried2016-08-26 15:302016-08-31 10:30
ReporterOrekariaView Statuspublic 
Assigned ToRetail 
PrioritynormalResolutionopenFixed in Version
StatusnewFix in branchFixed in SCM revision
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned To
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0033826: Approval is being approved even if user is not having access to approve Based on Priority Preference

DescriptionApproval is being approved even if user is not having access to approve Based on Priority Preference
Steps To ReproduceConfigure 2 approval preferences for Remove Receipt as stated in the attached image

Log into the WebPOS with "vallblanca" user
Create a receipt, add a product
Try to delete the receipt
Verify that the approval popup is shown (CORRECT)

Verify that if the user "vallblanca" credentials are provided in the pop up, the receipt is removed - INCORRECT
(user "vallblanca" has no access to delete lines based on the Priority Preference)
Proposed SolutionThe problem is that the preferences are sorted by priority but the information available to the server at the time of the check approval, is not enough to recreate the same priority order

Priority Preference from Preference.java
getHighestPriority(...) has to be considered in CheckApproval.java
and LoginUtilsServlet.java

Automation:
Create a test to verify this issue
TagsNo tags attached.
Attached Filespng file icon PreferenceConfig.png [^] (19,391 bytes) 2016-08-30 15:16

- Relationships Relation Graph ] Dependency Graph ]

-  Notes
(0089551)
Orekaria (administrator)
2016-08-30 14:17
edited on: 2016-08-31 08:45

 When a user is logged in POS, Preferences are loaded based on Default Role from RolePreferences.java (getPreferenceValues(PreferenceKeys) method) class

Here the preferences are sorted by Preference Priority described below but the at the time of Approval in POS (CheckApproval.java) Preference Priority is not considered.

Also at the time of Loading default users who can approve is showing all user irrespective of Preference Priority (LoginUtilsServlet.java).


Priority Levels: (pref1, pref2 = Preference 1 , Preference 2)

1. Check Priority by Client (Visible at client)
    *Undefined client visibility is handled as SYSTEM.
    *If pref1 or pref2 either of them which doesn't set to SYSTEM CLIENT will be Considered.
    *If pref1 or pref2 both have visible at client set and both not set to SYSTEM CLIENT then it will check Next Priority Level.


2. Check Priority by Organization (Visible at Organization)
    *If pref1 or pref2 either of them has visible at organization set, Then it will be Considered.
    *if pref1 or pref2 both have visible at organization set then It will check the Depth of the in Organization Tree and Highest Organization will Preferences will be Considered.
    *If pref1 or pref2 both have same organization set then it will check Next Priority Level.


3. Check Priority by user (Visible at User)
    *if pref1 or pref2 either of them has Visible at User set, It will be considered.
    *if pref1 or pref2 both have set Visible at User then it will check Next Priority Level.


4. Check Priority by Role (Visible at Role)
    *same as Check priority by user.


5. Check Priority by Window (Visible at Window)
    *same as Check priority by user.


6. SAME PRIORITY
    * If all the above levels are same then it will check for column "selected" and will Consider it.

- Issue History
Date Modified Username Field Change
2016-08-26 15:30 Orekaria New Issue
2016-08-26 15:30 Orekaria Assigned To => Retail
2016-08-26 15:30 Orekaria Triggers an Emergency Pack => No
2016-08-26 15:31 Orekaria Status new => scheduled
2016-08-26 15:31 Orekaria Assigned To Retail => simbu94
2016-08-26 15:31 Orekaria Relationship added caused by 0033568
2016-08-26 15:32 Orekaria Proposed Solution updated
2016-08-26 15:32 Orekaria Proposed Solution updated
2016-08-26 15:33 Orekaria Regression introduced in release => pi
2016-08-26 15:33 Orekaria Regression introduced by commit => https://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/e7540df082f6e24f0c18b5aaacedead195004f83 [^]
2016-08-29 13:21 simbu94 Relationship deleted caused by 0033568
2016-08-29 13:21 simbu94 Regression introduced in release pi =>
2016-08-29 13:21 simbu94 Regression introduced by commit https://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/e7540df082f6e24f0c18b5aaacedead195004f83 [^] =>
2016-08-30 14:17 Orekaria Note Added: 0089551
2016-08-30 14:20 Orekaria File Added: Screenshot from 2016-08-30 14:19:51.png
2016-08-30 14:20 Orekaria Steps to Reproduce Updated View Revisions
2016-08-30 14:22 Orekaria Assigned To simbu94 => Retail
2016-08-30 14:22 Orekaria Status scheduled => feedback
2016-08-30 14:22 Orekaria Status feedback => new
2016-08-30 14:24 Orekaria Steps to Reproduce Updated View Revisions
2016-08-30 15:06 simbu94 Note Edited: 0089551 View Revisions
2016-08-30 15:10 simbu94 File Deleted: Screenshot from 2016-08-30 14:19:51.png
2016-08-30 15:16 simbu94 File Added: PreferenceConfig.png
2016-08-30 15:26 simbu94 Summary Approval is required for a user that already has it granted => Approval is being approved even if user is not having access to approve Based on Priority Preference
2016-08-30 15:26 simbu94 Description Updated View Revisions
2016-08-30 15:26 simbu94 Steps to Reproduce Updated View Revisions
2016-08-30 15:26 simbu94 Proposed Solution updated
2016-08-31 08:45 simbu94 Note Edited: 0089551 View Revisions
2016-08-31 10:30 Orekaria Proposed Solution updated

Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker