Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0034676 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| defect | [Openbravo ERP] A. Platform | major | always | 2016-12-02 11:26 | 2017-05-29 17:43 | |||
| Reporter | JONHM | View Status | public | |||||
| Assigned To | AtulOpenbravo | |||||||
| Priority | high | Resolution | fixed | Fixed in Version | 3.0PR17Q3 | |||
| Status | closed | Fix in branch | Fixed in SCM revision | 6026736637ce | ||||
| Projection | none | ETA | none | Target Version | ||||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | SCM revision | |||||||
| Review Assigned To | markmm82 | |||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0034676: It is possible to see prices for list prices for organizations that you don't have access to. | |||||||
| Description | When using the product selector it is possible to see the price of pricelist that belongs to an organization that the role used does not access to. | |||||||
| Steps To Reproduce | Using the F&B sample data. 1-Create a new role. Org=* Access level=Organization Org access: REmove all the rows except: España REgion Sur Window Access: Sales Order. Editable field=Y. 2-Crea a new user. Org=* User Roles: the previously created role. 3-Create a priceslit: Organization: España Norte Sales priceslit =Y Create a priceslit version and create the product prices using on the base version "Tarifa de ventas". 3-Create a priceslit: Organization: España Surt Sales priceslit =Y Create a priceslit version and create the product prices using on the base version "Tarifa de ventas". 4-Logout 5-Login with the new user. 6-Create a sales order. Organization = region sur. 7-Create a line. Open the product selector popup. 8-REmove the filters. *See on the prices list version column that you see rows for norte prices list also. | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
||||||||||||||||||||||
|
||||||||||||||||||||||
 Relationships |
|
Notes |
|
|
(0093198) hgbot (developer) 2017-01-04 18:15 |
Repository: erp/devel/pi Changeset: 34c040a18ce0c1d1c72531210b38f8726fdd3aef Author: Atul Gaware <atul.gaware <at> openbravo.com> Date: Thu Dec 22 22:54:41 2016 +0530 URL: http://code.openbravo.com/erp/devel/pi/rev/34c040a18ce0c1d1c72531210b38f8726fdd3aef [^] Fixes Issue 34676:It is possible to see prices for list prices for organizations that you don't have access to. Problem is Organization property of Product Price in the Product Price By Warehouse view is not checked whether it appears in Natural Tree of the Current Logged in Organization. --- M src-db/database/sourcedata/OBUISEL_SELECTOR.xml --- |
|
(0093199) hgbot (developer) 2017-01-04 18:15 |
Repository: erp/devel/pi Changeset: ca851ae75852b1f793f9f1495a8cd59bd5b82574 Author: Mark <markmm82 <at> gmail.com> Date: Thu Dec 22 13:22:46 2016 -0500 URL: http://code.openbravo.com/erp/devel/pi/rev/ca851ae75852b1f793f9f1495a8cd59bd5b82574 [^] Related to issue 34676: Code review improvements Reordered conditions in where clause. --- M src-db/database/sourcedata/OBUISEL_SELECTOR.xml --- |
|
(0093202) markmm82 (developer) 2017-01-04 18:20 |
Code review + Testing OK |
|
(0093208) vmromanos (manager) 2017-01-05 08:39 |
Reopen because this solution might not properly resolve the issue. Changesets must be reverted from PI |
|
(0093230) hgbot (developer) 2017-01-05 14:42 |
Repository: erp/devel/pi Changeset: f1b037bcb10e79cab69b771b846fbbbcb4958a83 Author: Mark <markmm82 <at> gmail.com> Date: Thu Jan 05 08:28:23 2017 -0500 URL: http://code.openbravo.com/erp/devel/pi/rev/f1b037bcb10e79cab69b771b846fbbbcb4958a83 [^] Related to issue 34676: Backout changes 34c040a18ce0 --- M src-db/database/sourcedata/OBUISEL_SELECTOR.xml --- |
|
(0093414) vmromanos (manager) 2017-01-12 14:37 |
Reported feature request 0034928. Meanwhile it's implemented, let's fix this issue with the "where clause" modification. |
|
(0093418) hgbot (developer) 2017-01-12 15:14 |
Repository: erp/devel/pi Changeset: 0084ae9c0c18835ee16ede128b9cbe8eb5a072e7 Author: Atul Gaware <atul.gaware <at> openbravo.com> Date: Thu Dec 22 22:54:41 2016 +0530 URL: http://code.openbravo.com/erp/devel/pi/rev/0084ae9c0c18835ee16ede128b9cbe8eb5a072e7 [^] Fixes Issue 34676:It is possible to see prices for list prices for organizations that you don't have access to. Problem is Organization property of Product Price in the Product Price By Warehouse view is not checked whether it appears in Natural Tree of the Current Logged in Organization. --- M src-db/database/sourcedata/OBUISEL_SELECTOR.xml --- |
|
(0093419) hgbot (developer) 2017-01-12 15:14 |
Repository: erp/devel/pi Changeset: 84bb5e88ab9bec96baa061b5a84476734ca49b7b Author: Mark <markmm82 <at> gmail.com> Date: Thu Dec 22 13:22:46 2016 -0500 URL: http://code.openbravo.com/erp/devel/pi/rev/84bb5e88ab9bec96baa061b5a84476734ca49b7b [^] Related to issue 34676: Code review improvements Reordered conditions in where clause. --- M src-db/database/sourcedata/OBUISEL_SELECTOR.xml --- |
|
(0093420) markmm82 (developer) 2017-01-12 15:17 |
Code review + Testing OK |
|
(0095063) hudsonbot (developer) 2017-03-15 20:18 |
A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/54e102bef53e [^] Maturity status: Test |
|
(0095064) hudsonbot (developer) 2017-03-15 20:18 |
A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/54e102bef53e [^] Maturity status: Test |
|
(0095068) hudsonbot (developer) 2017-03-15 20:18 |
A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/54e102bef53e [^] Maturity status: Test |
|
(0095089) hudsonbot (developer) 2017-03-15 20:18 |
A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/54e102bef53e [^] Maturity status: Test |
|
(0095090) hudsonbot (developer) 2017-03-15 20:18 |
A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/54e102bef53e [^] Maturity status: Test |
|
(0095472) hgbot (developer) 2017-03-21 14:55 |
Repository: erp/devel/pi Changeset: 6a49dfd6cb00f251606f1fd2608b792ca97b0e9b Author: Mark <markmm82 <at> gmail.com> Date: Mon Mar 20 10:56:06 2017 -0400 URL: http://code.openbravo.com/erp/devel/pi/rev/6a49dfd6cb00f251606f1fd2608b792ca97b0e9b [^] Related to issue 34676: Backed out changeset 0084ae9c0c18. Reverts changes of issue 34676 that creates the performance problem described in regression 35013. It allow to see other pricelists in the selector. In 17Q3 version will be improved the AD_ISORGINCLUDED function and then this solution will be evaluated again. --- M src-db/database/sourcedata/OBUISEL_SELECTOR.xml --- |
|
(0095493) hudsonbot (developer) 2017-03-22 01:01 |
A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/f76f24f98700 [^] Maturity status: Test |
|
(0095494) hudsonbot (developer) 2017-03-22 01:01 |
A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/f76f24f98700 [^] Maturity status: Test |
|
(0095586) vmromanos (manager) 2017-03-27 13:31 |
Pending to be tested with AD_IsOrgIncluded performance refactor |
|
(0095750) vmromanos (manager) 2017-03-31 10:18 |
It is confirmed the fix is correct from a performance point of view, specially when applied with the AD_IsOrgIncluded performance refactor (0035590). The issue is scheduled again and will be included in 3.0PR17Q3 when 0035590 is closed |
|
(0095944) hgbot (developer) 2017-04-10 14:50 |
Repository: erp/devel/pi Changeset: 6026736637ce1ebf1a40e016962394aab4513ad5 Author: Atul Gaware <atul.gaware <at> openbravo.com> Date: Thu Dec 22 22:54:41 2016 +0530 URL: http://code.openbravo.com/erp/devel/pi/rev/6026736637ce1ebf1a40e016962394aab4513ad5 [^] Fixes Issue 34676:It is possible to see prices for list prices for organizations that you don't have access to. Problem is Organization property of Product Price in the Product Price By Warehouse view is not checked whether it appears in Natural Tree of the Current Logged in Organization. --- M src-db/database/sourcedata/OBUISEL_SELECTOR.xml --- |
|
(0095945) hgbot (developer) 2017-04-10 14:51 |
Repository: erp/devel/pi Changeset: a79fdd227e3add50d95e02657290ef85651413d2 Author: Mark <markmm82 <at> gmail.com> Date: Thu Dec 22 13:22:46 2016 -0500 URL: http://code.openbravo.com/erp/devel/pi/rev/a79fdd227e3add50d95e02657290ef85651413d2 [^] Related to issue 34676: Code review improvements Reordered conditions in where clause. --- M src-db/database/sourcedata/OBUISEL_SELECTOR.xml --- |
|
(0095947) aferraz (manager) 2017-04-10 14:55 |
Reapply fix once 0035590 has been closed. |
|
(0096881) hudsonbot (developer) 2017-05-29 17:43 |
A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/1ee70113bdc4 [^] Maturity status: Test |
|
(0096882) hudsonbot (developer) 2017-05-29 17:43 |
A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/1ee70113bdc4 [^] Maturity status: Test |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2016-12-02 11:26 | JONHM | New Issue | |
| 2016-12-02 11:26 | JONHM | Assigned To | => platform |
| 2016-12-02 11:26 | JONHM | Modules | => Core |
| 2016-12-02 11:26 | JONHM | Resolution time | => 1481842800 |
| 2016-12-02 11:26 | JONHM | Triggers an Emergency Pack | => No |
| 2016-12-07 09:21 | alostale | Note Added: 0092156 | |
| 2016-12-07 09:21 | alostale | Status | new => closed |
| 2016-12-07 09:21 | alostale | Resolution | open => invalid |
| 2016-12-20 12:49 | egoitz | Resolution time | 1481842800 => 1482879600 |
| 2016-12-20 12:49 | egoitz | Assigned To | platform => Triage Finance |
| 2016-12-20 12:49 | egoitz | Status | closed => new |
| 2016-12-20 12:49 | egoitz | Summary | Defined Role has access to every organization's price lists => It is possible to see prices for list prices for organizations that you don't have access to. |
| 2016-12-20 12:49 | egoitz | Description Updated | View Revisions |
| 2016-12-20 12:49 | egoitz | Steps to Reproduce Updated | View Revisions |
| 2016-12-20 12:49 | egoitz | Issue Monitored: networkb | |
| 2016-12-20 12:50 | egoitz | Issue Monitored: maite | |
| 2016-12-20 12:52 | egoitz | Note Deleted: 0092156 | |
| 2016-12-20 12:56 | egoitz | Resolution time | 1482879600 => 1482793200 |
| 2016-12-20 16:00 | markmm82 | Assigned To | Triage Finance => AtulOpenbravo |
| 2016-12-20 17:17 | egoitz | Resolution | invalid => open |
| 2016-12-21 15:50 | markmm82 | Status | new => scheduled |
| 2017-01-04 18:15 | hgbot | Checkin | |
| 2017-01-04 18:15 | hgbot | Note Added: 0093198 | |
| 2017-01-04 18:15 | hgbot | Status | scheduled => resolved |
| 2017-01-04 18:15 | hgbot | Resolution | open => fixed |
| 2017-01-04 18:15 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/34c040a18ce0c1d1c72531210b38f8726fdd3aef [^] |
| 2017-01-04 18:15 | hgbot | Checkin | |
| 2017-01-04 18:15 | hgbot | Note Added: 0093199 | |
| 2017-01-04 18:20 | markmm82 | Review Assigned To | => markmm82 |
| 2017-01-04 18:20 | markmm82 | Note Added: 0093202 | |
| 2017-01-04 18:20 | markmm82 | Status | resolved => closed |
| 2017-01-04 18:20 | markmm82 | Fixed in Version | => 3.0PR17Q1 |
| 2017-01-05 08:39 | vmromanos | Note Added: 0093208 | |
| 2017-01-05 08:39 | vmromanos | Status | closed => new |
| 2017-01-05 08:39 | vmromanos | Resolution | fixed => open |
| 2017-01-05 08:39 | vmromanos | Fixed in Version | 3.0PR17Q1 => |
| 2017-01-05 14:42 | hgbot | Checkin | |
| 2017-01-05 14:42 | hgbot | Note Added: 0093230 | |
| 2017-01-12 14:30 | vmromanos | Relationship added | related to 0034928 |
| 2017-01-12 14:37 | vmromanos | Status | new => scheduled |
| 2017-01-12 14:37 | vmromanos | Note Added: 0093414 | |
| 2017-01-12 15:14 | hgbot | Checkin | |
| 2017-01-12 15:14 | hgbot | Note Added: 0093418 | |
| 2017-01-12 15:14 | hgbot | Status | scheduled => resolved |
| 2017-01-12 15:14 | hgbot | Resolution | open => fixed |
| 2017-01-12 15:14 | hgbot | Fixed in SCM revision | http://code.openbravo.com/erp/devel/pi/rev/34c040a18ce0c1d1c72531210b38f8726fdd3aef [^] => http://code.openbravo.com/erp/devel/pi/rev/0084ae9c0c18835ee16ede128b9cbe8eb5a072e7 [^] |
| 2017-01-12 15:14 | hgbot | Checkin | |
| 2017-01-12 15:14 | hgbot | Note Added: 0093419 | |
| 2017-01-12 15:17 | markmm82 | Note Added: 0093420 | |
| 2017-01-12 15:17 | markmm82 | Status | resolved => closed |
| 2017-01-12 15:17 | markmm82 | Fixed in Version | => 3.0PR17Q2 |
| 2017-01-19 17:40 | JONHM | Relationship added | related to 0035013 |
| 2017-03-15 20:18 | hudsonbot | Checkin | |
| 2017-03-15 20:18 | hudsonbot | Note Added: 0095063 | |
| 2017-03-15 20:18 | hudsonbot | Checkin | |
| 2017-03-15 20:18 | hudsonbot | Note Added: 0095064 | |
| 2017-03-15 20:18 | hudsonbot | Checkin | |
| 2017-03-15 20:18 | hudsonbot | Note Added: 0095068 | |
| 2017-03-15 20:18 | hudsonbot | Checkin | |
| 2017-03-15 20:18 | hudsonbot | Note Added: 0095089 | |
| 2017-03-15 20:18 | hudsonbot | Checkin | |
| 2017-03-15 20:18 | hudsonbot | Note Added: 0095090 | |
| 2017-03-21 14:44 | markmm82 | Resolution time | 1482793200 => |
| 2017-03-21 14:44 | markmm82 | Fixed in Version | 3.0PR17Q2 => |
| 2017-03-21 14:46 | markmm82 | Status | closed => new |
| 2017-03-21 14:46 | markmm82 | Resolution | fixed => open |
| 2017-03-21 14:55 | hgbot | Checkin | |
| 2017-03-21 14:55 | hgbot | Note Added: 0095472 | |
| 2017-03-22 01:01 | hudsonbot | Checkin | |
| 2017-03-22 01:01 | hudsonbot | Note Added: 0095493 | |
| 2017-03-22 01:01 | hudsonbot | Checkin | |
| 2017-03-22 01:01 | hudsonbot | Note Added: 0095494 | |
| 2017-03-22 10:32 | vmromanos | Relationship added | depends on 0035590 |
| 2017-03-27 13:29 | maite | Resolution time | => 1506808800 |
| 2017-03-27 13:31 | vmromanos | Note Added: 0095586 | |
| 2017-03-27 13:31 | vmromanos | Assigned To | AtulOpenbravo => vmromanos |
| 2017-03-27 13:31 | vmromanos | Status | new => acknowledged |
| 2017-03-31 10:18 | vmromanos | Status | acknowledged => scheduled |
| 2017-03-31 10:18 | vmromanos | Note Added: 0095750 | |
| 2017-03-31 10:18 | vmromanos | Assigned To | vmromanos => AtulOpenbravo |
| 2017-04-10 14:50 | hgbot | Checkin | |
| 2017-04-10 14:50 | hgbot | Note Added: 0095944 | |
| 2017-04-10 14:50 | hgbot | Status | scheduled => resolved |
| 2017-04-10 14:50 | hgbot | Resolution | open => fixed |
| 2017-04-10 14:50 | hgbot | Fixed in SCM revision | http://code.openbravo.com/erp/devel/pi/rev/0084ae9c0c18835ee16ede128b9cbe8eb5a072e7 [^] => http://code.openbravo.com/erp/devel/pi/rev/6026736637ce1ebf1a40e016962394aab4513ad5 [^] |
| 2017-04-10 14:51 | hgbot | Checkin | |
| 2017-04-10 14:51 | hgbot | Note Added: 0095945 | |
| 2017-04-10 14:55 | aferraz | Note Added: 0095947 | |
| 2017-04-10 14:55 | aferraz | Status | resolved => closed |
| 2017-04-10 14:55 | aferraz | Fixed in Version | => 3.0PR17Q3 |
| 2017-05-29 17:43 | hudsonbot | Checkin | |
| 2017-05-29 17:43 | hudsonbot | Note Added: 0096881 | |
| 2017-05-29 17:43 | hudsonbot | Checkin | |
| 2017-05-29 17:43 | hudsonbot | Note Added: 0096882 | |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |