Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0036725 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| defect | [Openbravo ERP] 01. General setup | major | always | 2017-08-28 10:13 | 2017-09-22 18:28 | |||
| Reporter | maite | View Status | public | |||||
| Assigned To | AugustoMauch | |||||||
| Priority | urgent | Resolution | fixed | Fixed in Version | 3.0PR17Q4 | |||
| Status | closed | Fix in branch | Fixed in SCM revision | cf859d178908 | ||||
| Projection | none | ETA | none | Target Version | ||||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | SCM revision | |||||||
| Review Assigned To | caristu | |||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0036725: Should not be possible to create new data when user is not able to edit existent data | |||||||
| Description | Should not be possible to create new data when user is not able to edit existent data | |||||||
| Steps To Reproduce | 0. Create new role named "españa" setting UserLevel=Organization 1. Edit "Org Access" to only leave access to "F&B España - Región Norte" and "F&B España - Región Sur" organizations 2. Edit "User Assigment" to define "Openbravo" 3. Logout and login again using "españa" role 4. Access Business Partner window and realize that you are able to see "F&B España, S.A" records bt not able to edit it (which is OK) 5. Access "Location/Address" tab and realize that you are not able to edit reord (which is OK) but you are able to create new record (which is not OK). Moreover it will be created to organization different from "F&B España, S.A" Same behavior present in Product window | |||||||
| Proposed Solution | Organization field was set as readonly in Business Partner, Product... tabs as you were able to create data inconsistency between header's org and tab's org. For that reason, user should not be able to create records in tabs where Organization field is not shown (such as Business Partner, Product...) and in case it has not edit permissions to header's organization | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
|||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||
 Relationships |
|
Notes |
|
|
(0098743) aferraz (manager) 2017-08-31 10:08 |
Problem is reproducible in any window. You are not able to edit records belonging to organizations you don't have access to (which is ok). You are able to create records belonging to organizations you have access to (which is ok), but being children of records belonging to organizations you don't have access to (which is not ok). |
|
(0098822) alostale (manager) 2017-09-05 09:09 |
Setting as feedback as this issue is under internal discussion on how it should be addressed. |
|
(0099069) hgbot (developer) 2017-09-15 12:31 |
Repository: erp/devel/pi Changeset: 0c8047a2daa39f0c4daacccad122b69517a203e0 Author: Augusto Mauch <augusto.mauch <at> openbravo.com> Date: Fri Sep 15 12:27:06 2017 +0200 URL: http://code.openbravo.com/erp/devel/pi/rev/0c8047a2daa39f0c4daacccad122b69517a203e0 [^] Fixes issue 36725: Check role write access to organization of parent record If the current role does not have writable access to the record selected in a tab, the user should not be allowed to create records in its subtabs. Now this is taken into account in order to enable/disable the toolbar buttons that create new records, and also in the logic that creates a link to create new records in a tab if the gr id is currently empty. Now it will not be possible to enter records in a subtab if: - The subtab has an editable organization field - The user's role does not have writable access to the organization of the record selected in the parent tab. Now the list of the current role of the user writable organizations is available in OB.User.writableOrganizations. --- M modules/org.openbravo.client.application/web/org.openbravo.client.application/js/grid/ob-view-grid.js M modules/org.openbravo.client.application/web/org.openbravo.client.application/js/main/ob-standard-view.js M modules/org.openbravo.client.application/web/org.openbravo.client.application/js/toolbar/ob-toolbar.js M modules/org.openbravo.client.kernel/src/org/openbravo/client/kernel/ApplicationDynamicComponent.java M modules/org.openbravo.client.kernel/src/org/openbravo/client/kernel/templates/application-dynamic-js.ftl --- |
|
(0099093) hgbot (developer) 2017-09-18 10:23 |
Repository: erp/devel/pi Changeset: f9da9c951a5dbec42cd7630692e55b7dd2c50f79 Author: Augusto Mauch <augusto.mauch <at> openbravo.com> Date: Mon Sep 18 10:20:43 2017 +0200 URL: http://code.openbravo.com/erp/devel/pi/rev/f9da9c951a5dbec42cd7630692e55b7dd2c50f79 [^] Related with issue 36725: Prevents error when opening direct subtab The following case was not working: - Open Window, Tabs and Fields - Select any field, open it in form view - Click on the "Column" field title. It should open the Tables and Columns window and focus on the Column tab, but it will fail. This happens because it was not enough to check if this.parentView.viewGrid.getSelectedRecord() was null, it could also be undefined. --- M modules/org.openbravo.client.application/web/org.openbravo.client.application/js/main/ob-standard-view.js --- |
|
(0099400) hudsonbot (developer) 2017-09-21 16:50 |
A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/9750b78d3e5c [^] Maturity status: Test |
|
(0099402) hudsonbot (developer) 2017-09-21 16:50 |
A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/9750b78d3e5c [^] Maturity status: Test |
|
(0099464) caristu (developer) 2017-09-22 10:10 edited on: 2017-09-22 10:13 |
There is still one way to create records that is not being taken into account, through the right click context menu: - Right click > Insert row - Right click > New record in form https://docs.google.com/spreadsheets/d/18l2biKWeG6iGDIPqO6VuYQ_TtP_6YxyQU4KSrPvQlJ8/edit#gid=0 [^] |
|
(0099474) hgbot (developer) 2017-09-22 11:04 |
Repository: erp/devel/pi Changeset: cf859d178908414a35b159d55df22169cc7afd3d Author: Augusto Mauch <augusto.mauch <at> openbravo.com> Date: Fri Sep 22 10:40:47 2017 +0200 URL: http://code.openbravo.com/erp/devel/pi/rev/cf859d178908414a35b159d55df22169cc7afd3d [^] Fixes issue 36725: Records cannot be created using grid's contextual menu Now if the user cannot add records because its role does not have access to the organization selected in the parent tab, it will not be possible to add records using the grid's contextual menu. This needs to be addressed in two different contextuals menus: - The one shown when right-clicking on a grid record - The one shown when right-clicking on the grid empty space Also, simplifies an if condition to check for null/undefined --- M modules/org.openbravo.client.application/web/org.openbravo.client.application/js/grid/ob-view-grid.js M modules/org.openbravo.client.application/web/org.openbravo.client.application/js/main/ob-standard-view.js --- |
|
(0099480) caristu (developer) 2017-09-22 12:34 |
Code reviewed + tested OK. |
|
(0099501) hudsonbot (developer) 2017-09-22 18:28 |
A changeset related to this issue has been promoted main and to the Central Repository, after passing a series of tests. Promotion changeset: https://code.openbravo.com/erp/devel/main/rev/b4329e391b82 [^] Maturity status: Test |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2017-08-28 10:13 | maite | New Issue | |
| 2017-08-28 10:13 | maite | Assigned To | => Triage Finance |
| 2017-08-28 10:13 | maite | Modules | => Core |
| 2017-08-28 10:13 | maite | Resolution time | => 1505080800 |
| 2017-08-28 10:13 | maite | Triggers an Emergency Pack | => No |
| 2017-08-28 10:13 | maite | Issue Monitored: networkb | |
| 2017-08-31 09:40 | aferraz | Steps to Reproduce Updated | View Revisions |
| 2017-08-31 10:00 | aferraz | Assigned To | Triage Finance => platform |
| 2017-08-31 10:08 | aferraz | Note Added: 0098743 | |
| 2017-08-31 11:47 | alostale | Relationship added | duplicate of 0026170 |
| 2017-09-05 09:09 | alostale | Note Added: 0098822 | |
| 2017-09-05 09:09 | alostale | Status | new => feedback |
| 2017-09-11 10:45 | maite | Relationship added | related to 0036661 |
| 2017-09-13 16:36 | maite | Status | feedback => new |
| 2017-09-14 10:03 | AugustoMauch | Assigned To | platform => AugustoMauch |
| 2017-09-15 12:30 | AugustoMauch | Review Assigned To | => caristu |
| 2017-09-15 12:31 | hgbot | Checkin | |
| 2017-09-15 12:31 | hgbot | Note Added: 0099069 | |
| 2017-09-15 12:31 | hgbot | Status | new => resolved |
| 2017-09-15 12:31 | hgbot | Resolution | open => fixed |
| 2017-09-15 12:31 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/devel/pi/rev/0c8047a2daa39f0c4daacccad122b69517a203e0 [^] |
| 2017-09-15 12:43 | AugustoMauch | Relationship added | related to 0036866 |
| 2017-09-18 10:23 | hgbot | Checkin | |
| 2017-09-18 10:23 | hgbot | Note Added: 0099093 | |
| 2017-09-21 16:50 | hudsonbot | Checkin | |
| 2017-09-21 16:50 | hudsonbot | Note Added: 0099400 | |
| 2017-09-21 16:50 | hudsonbot | Checkin | |
| 2017-09-21 16:50 | hudsonbot | Note Added: 0099402 | |
| 2017-09-22 10:10 | caristu | Note Added: 0099464 | |
| 2017-09-22 10:12 | caristu | Note Edited: 0099464 | View Revisions |
| 2017-09-22 10:13 | caristu | Note Edited: 0099464 | View Revisions |
| 2017-09-22 10:32 | caristu | Status | resolved => new |
| 2017-09-22 10:32 | caristu | Resolution | fixed => open |
| 2017-09-22 11:04 | hgbot | Checkin | |
| 2017-09-22 11:04 | hgbot | Note Added: 0099474 | |
| 2017-09-22 11:04 | hgbot | Status | new => resolved |
| 2017-09-22 11:04 | hgbot | Resolution | open => fixed |
| 2017-09-22 11:04 | hgbot | Fixed in SCM revision | http://code.openbravo.com/erp/devel/pi/rev/0c8047a2daa39f0c4daacccad122b69517a203e0 [^] => http://code.openbravo.com/erp/devel/pi/rev/cf859d178908414a35b159d55df22169cc7afd3d [^] |
| 2017-09-22 12:34 | caristu | Note Added: 0099480 | |
| 2017-09-22 12:34 | caristu | Status | resolved => closed |
| 2017-09-22 12:34 | caristu | Fixed in Version | => 3.0PR17Q4 |
| 2017-09-22 18:28 | hudsonbot | Checkin | |
| 2017-09-22 18:28 | hudsonbot | Note Added: 0099501 | |
| 2017-09-26 13:20 | caristu | Relationship added | causes 0036953 |
| 2019-05-27 17:12 | mtaal | Relationship added | related to 0039784 |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |