Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0034931
TypeCategorySeverityReproducibilityDate SubmittedLast Update
design defect[Openbravo ERP] A. Platformmajoralways2017-01-12 17:052022-02-01 08:08
ReporterJONHMView Statuspublic 
Assigned ToTriage Platform Base 
PriorityhighResolutionopenFixed in Version
StatusacknowledgedFix in branchFixed in SCM revision
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned To
Web browser
ModulesCore
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0034931: Using both WS types return different information for the same user

DescriptionWhen granting some window access to a role (which it suppose to only have permission to view the related tables of that window), it shows different data in both Web Services. It shows more properties to related Entities using JSon web service than using DAL Web Service.
Notice that flows of both WS types (DAL and JSon) are different.
Steps To Reproduce1) Create Role "test" in [Role] window:
    name: test
    user level: Client+Organization
    - check "manual" checkbox on and also check on the "Is Web Service Enabled" checkbox
    -- Then Switch to "Org Access" tab and give access to '*' and finally switch to "Window Access" tab and give access to window "Warehouse and Storage Bins"

2) Create User "test" in [User] window:
    name: test
    username: test
    password: openbravo
    - Then switch to "User Roles" tab and add the previous created role "test".

3) Using some chrome tool, like 'Postman' to check web services, introduce the URL to check if our user have access to 'Orders' or 'Country' (notice that we tried the issue into Openbravo livebuilds, when trying on a localhost environment it should be replaced by http://localhost:8080/openbravo/ws/dal/... [^]):


3.1) First, let's try the JSon WS:
https://livebuilds.openbravo.com/erp_pi_pgsql/org.openbravo.service.json.jsonrest/Order [^]
--> Notice that several fields are displayed, like partnerAddress, userContact and more info.

3.2) Then, try it on DAL WS:
https://livebuilds.openbravo.com/erp_pi_pgsql/ws/dal/Order [^]
--> Notice that only three fields are displayed (documentNo, orderDate, grandTotalAmount)
TagsNo tags attached.
Attached Filespng file icon Screenshot from 2017-01-12 17-28-10.png [^] (146,133 bytes) 2017-01-12 17:28

- Relationships Relation Graph ] Dependency Graph ]

-  Notes
(0093433)
JONHM (developer)
2017-01-12 17:07

 - WS DAL: The data is parsed by the EntityXMLConverter class and only takes into account if the entity is derived readable to return only id and identifier.

- WS JSON: The data is parse by the DataToJSONConverter class and takes into account if the entity is derived readable or whether the property is allowDerivedRead.

- Issue History
Date Modified Username Field Change
2017-01-12 17:05 JONHM New Issue
2017-01-12 17:05 JONHM Assigned To => platform
2017-01-12 17:05 JONHM Modules => Core
2017-01-12 17:05 JONHM Triggers an Emergency Pack => No
2017-01-12 17:07 JONHM Note Added: 0093433
2017-01-12 17:25 JONHM Summary Extra granted access to Entities using JSon Web Service => Using both WS types return different information for the same user
2017-01-12 17:25 JONHM Description Updated View Revisions
2017-01-12 17:25 JONHM Steps to Reproduce Updated View Revisions
2017-01-12 17:28 JONHM File Added: Screenshot from 2017-01-12 17-28-10.png
2017-06-02 10:52 alostale Status new => acknowledged
2022-02-01 08:08 alostale Assigned To platform => Triage Platform Base

Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker