Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0038011 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| defect | [Retail Modules] Web POS | major | always | 2018-02-27 17:26 | 2018-03-06 16:15 | |||
| Reporter | marvintm | View Status | public | |||||
| Assigned To | jorge-garcia | |||||||
| Priority | urgent | Resolution | fixed | Fixed in Version | RR18Q2 | |||
| Status | closed | Fix in branch | Fixed in SCM revision | |||||
| Projection | none | ETA | none | Target Version | ||||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | SCM revision | |||||||
| Review Assigned To | marvintm | |||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0038011: There are some SecuredJSONProcess classes which do not specify preference to check | |||||||
| Description | The SecuredJSONProcess class provides a mechanism to associate the class to the functionality it provides via the preference that it is used to secure it. However, some classes are not specifying this permission, which allows roles without the preference to generate a request which will be accepted by the backend server. | |||||||
| Steps To Reproduce | . | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
||||||||
|
||||||||
 Relationships |
|
Notes |
|
|
(0102855) hgbot (developer) 2018-02-27 17:31 |
Repository: erp/pmods/org.openbravo.mobile.core Changeset: 02f0d7a4c188170382e2ba1e6a8b1f0fef98abf6 Author: Jorge Garcia <jorge.garcia <at> openbravo.com> Date: Tue Feb 27 17:30:48 2018 +0100 URL: http://code.openbravo.com/erp/pmods/org.openbravo.mobile.core/rev/02f0d7a4c188170382e2ba1e6a8b1f0fef98abf6 [^] Related to issue 38011: There are some SecuredJSONProcess classes which do not specify preference to check Secure JSONProcesses for mobile core module. --- M src/org/openbravo/mobile/core/servercontroller/SynchronizedServerProcessCaller.java --- |
|
(0102856) hgbot (developer) 2018-02-27 17:32 |
Repository: erp/pmods/org.openbravo.retail.posterminal Changeset: 522297061bccd57c1857bf872ebbce731cc32fcb Author: Jorge Garcia <jorge.garcia <at> openbravo.com> Date: Tue Feb 27 17:32:16 2018 +0100 URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/522297061bccd57c1857bf872ebbce731cc32fcb [^] Related to issue 38011: There are some SecuredJSONProcess classes which do not specify preference to check Secure JSONProcesses for posterminal module. --- M src/org/openbravo/retail/posterminal/CancelLayawayLoader.java M src/org/openbravo/retail/posterminal/CheckProcessingMessage.java M src/org/openbravo/retail/posterminal/CheckTerminalAuth.java M src/org/openbravo/retail/posterminal/ProcessCashClose.java M src/org/openbravo/retail/posterminal/ProcessCashCloseMaster.java M src/org/openbravo/retail/posterminal/ProcessCashCloseSlave.java M src/org/openbravo/retail/posterminal/ProcessCashMgmt.java M src/org/openbravo/retail/posterminal/ProcessCashMgmtMaster.java M src/org/openbravo/retail/posterminal/QuotationsReject.java M src/org/openbravo/retail/posterminal/process/IsOrderCancelled.java M src/org/openbravo/retail/posterminal/term/CloseCashPayments.java M src/org/openbravo/retail/posterminal/term/Payments.java --- |
|
(0102893) hgbot (developer) 2018-03-01 09:43 |
Repository: erp/pmods/org.openbravo.mobile.procurement Changeset: ab9cdcf6dac7702854eed039800685023d0652c4 Author: Jorge Garcia <jorge.garcia <at> openbravo.com> Date: Tue Feb 27 17:42:52 2018 +0100 URL: http://code.openbravo.com/erp/pmods/org.openbravo.mobile.procurement/rev/ab9cdcf6dac7702854eed039800685023d0652c4 [^] Related to issue 38011: There are some SecuredJSONProcess classes which do not specify preference to check Secure JSONProcesses for mobile procurement module. --- M src/org/openbravo/mobile/procurement/sync/SetBusinessPartner.java M src/org/openbravo/mobile/procurement/term/BusinessPartner.java --- |
|
(0102894) hgbot (developer) 2018-03-01 09:44 |
Repository: erp/pmods/org.openbravo.mobile.warehouse.physicalinventory Changeset: 331e0b7b7cad3618496a5f9365be9ca01a22a353 Author: Jorge Garcia <jorge.garcia <at> openbravo.com> Date: Tue Feb 27 17:42:16 2018 +0100 URL: http://code.openbravo.com/erp/pmods/org.openbravo.mobile.warehouse.physicalinventory/rev/331e0b7b7cad3618496a5f9365be9ca01a22a353 [^] Related to issue 38011: There are some SecuredJSONProcess classes which do not specify preference to check Secure JSONProcesses for mobile warehouse physicalinventory module. --- M src/org/openbravo/mobile/warehouse/physicalinventory/ProcessPhysicalInventory.java --- |
|
(0102895) hgbot (developer) 2018-03-01 09:44 |
Repository: erp/pmods/org.openbravo.retail.discounts.coupons Changeset: 86871cb5a35ca5a5499672d9c875b1cc94a1a065 Author: Jorge Garcia <jorge.garcia <at> openbravo.com> Date: Tue Feb 27 17:40:56 2018 +0100 URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.discounts.coupons/rev/86871cb5a35ca5a5499672d9c875b1cc94a1a065 [^] Related to issue 38011: There are some SecuredJSONProcess classes which do not specify preference to check Secure JSONProcesses for discount coupons module. --- M src/org/openbravo/retail/discounts/coupons/CouponUsed.java --- |
|
(0102896) hgbot (developer) 2018-03-01 09:44 |
Repository: erp/pmods/org.openbravo.retail.verystar Changeset: e795cbd5a7c364d9c1c49b311d8444e7af8fc77d Author: Jorge Garcia <jorge.garcia <at> openbravo.com> Date: Tue Feb 27 17:36:46 2018 +0100 URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.verystar/rev/e795cbd5a7c364d9c1c49b311d8444e7af8fc77d [^] Related to issue 38011: There are some SecuredJSONProcess classes which do not specify preference to check Secure JSONProcesses for verystar module. --- M src/org/openbravo/retail/verystar/model/VerystarProperties.java --- |
|
(0102897) hgbot (developer) 2018-03-01 09:44 |
Repository: erp/pmods/org.openbravo.retail.loyalty Changeset: 015503a780db26f7443ae9b58c0f3c7058979346 Author: Jorge Garcia <jorge.garcia <at> openbravo.com> Date: Tue Feb 27 17:35:37 2018 +0100 URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.loyalty/rev/015503a780db26f7443ae9b58c0f3c7058979346 [^] Related to issue 38011: There are some SecuredJSONProcess classes which do not specify preference to check Secure JSONProcesses for loyalty module. --- M src/org/openbravo/retail/loyalty/communication/PointsBalanceRequest.java --- |
|
(0102906) hgbot (developer) 2018-03-02 09:04 |
Repository: erp/pmods/org.openbravo.retail.giftcards Changeset: 287f64e0f9184644540f73371d523fa38af27ee0 Author: Jorge Garcia <jorge.garcia <at> openbravo.com> Date: Tue Feb 27 17:43:59 2018 +0100 URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.giftcards/rev/287f64e0f9184644540f73371d523fa38af27ee0 [^] Related to issue 38011: There are some SecuredJSONProcess classes which do not specify preference to check Secure JSONProcesses for giftcards module. --- M src/org/openbravo/retail/giftcards/CancelGiftCard.java M src/org/openbravo/retail/giftcards/CancelGiftCardTransaction.java M src/org/openbravo/retail/giftcards/CheckDuplicityOfID.java M src/org/openbravo/retail/giftcards/CloseGiftCard.java M src/org/openbravo/retail/giftcards/ConsumeGiftCardAmount.java M src/org/openbravo/retail/giftcards/ConsumeGiftCardLines.java M src/org/openbravo/retail/giftcards/FindCreditNote.java M src/org/openbravo/retail/giftcards/FindGiftCards.java M src/org/openbravo/retail/giftcards/GiftCardCertificate.java M src/org/openbravo/retail/giftcards/ListGiftCard.java M src/org/openbravo/retail/giftcards/RevertGiftCardAmount.java M src/org/openbravo/retail/giftcards/master/CashMgmtEvents.java M src/org/openbravo/retail/giftcards/master/GiftCardReason.java --- |
|
(0102907) hgbot (developer) 2018-03-02 09:04 |
Repository: erp/pmods/org.openbravo.retail.stockvalidation Changeset: 019c25673b879b9240635a32e1339105b3d05c90 Author: Jorge Garcia <jorge.garcia <at> openbravo.com> Date: Tue Feb 27 17:38:58 2018 +0100 URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.stockvalidation/rev/019c25673b879b9240635a32e1339105b3d05c90 [^] Related to issue 38011: There are some SecuredJSONProcess classes which do not specify preference to check Secure JSONProcesses for stockvalidation module. --- M src/org/openbravo/retail/stockvalidation/OrderFromQuotationStockChecker.java M src/org/openbravo/retail/stockvalidation/StockChecker.java --- |
|
(0102908) hgbot (developer) 2018-03-02 09:05 |
Repository: erp/pmods/org.openbravo.retail.sessions Changeset: cf2a7175d8cf78c9d82b6998922d8829639bdd3e Author: Jorge Garcia <jorge.garcia <at> openbravo.com> Date: Tue Feb 27 17:38:18 2018 +0100 URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.sessions/rev/cf2a7175d8cf78c9d82b6998922d8829639bdd3e [^] Related to issue 38011: There are some SecuredJSONProcess classes which do not specify preference to check Secure JSONProcesses for sessions module. --- M src/org/openbravo/retail/sessions/SalesReportProcess.java --- |
|
(0102909) hgbot (developer) 2018-03-02 09:05 |
Repository: erp/pmods/org.openbravo.retail.selfcheckout Changeset: 38162123af9023253e4c5098804e51a0524edf5c Author: Jorge Garcia <jorge.garcia <at> openbravo.com> Date: Tue Feb 27 17:36:16 2018 +0100 URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.selfcheckout/rev/38162123af9023253e4c5098804e51a0524edf5c [^] Related to issue 38011: There are some SecuredJSONProcess classes which do not specify preference to check Secure JSONProcesses for selfcheckout module. --- M src/org/openbravo/retail/selfcheckout/model/OBSCOConfigurationProperties.java --- |
|
(0102915) hgbot (developer) 2018-03-02 12:26 |
Repository: erp/pmods/org.openbravo.retail.giftcards Changeset: 4cd01d8a25d57bed10c5446af13bd32a00bd7fd1 Author: Jorge Garcia <jorge.garcia <at> openbravo.com> Date: Fri Mar 02 12:24:26 2018 +0100 URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.giftcards/rev/4cd01d8a25d57bed10c5446af13bd32a00bd7fd1 [^] Related to issue 38011: There are some SecuredJSONProcess classes which do not specify preference to check Revert two java classes which should not be changed. --- M src/org/openbravo/retail/giftcards/master/CashMgmtEvents.java M src/org/openbravo/retail/giftcards/master/GiftCardReason.java --- |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2018-02-27 17:26 | marvintm | New Issue | |
| 2018-02-27 17:26 | marvintm | Assigned To | => Retail |
| 2018-02-27 17:26 | marvintm | Triggers an Emergency Pack | => No |
| 2018-02-27 17:31 | hgbot | Checkin | |
| 2018-02-27 17:31 | hgbot | Note Added: 0102855 | |
| 2018-02-27 17:32 | hgbot | Checkin | |
| 2018-02-27 17:32 | hgbot | Note Added: 0102856 | |
| 2018-02-27 17:45 | jorge-garcia | Status | new => scheduled |
| 2018-02-27 17:45 | jorge-garcia | Assigned To | Retail => jorge-garcia |
| 2018-03-01 09:43 | hgbot | Checkin | |
| 2018-03-01 09:43 | hgbot | Note Added: 0102893 | |
| 2018-03-01 09:44 | hgbot | Checkin | |
| 2018-03-01 09:44 | hgbot | Note Added: 0102894 | |
| 2018-03-01 09:44 | hgbot | Checkin | |
| 2018-03-01 09:44 | hgbot | Note Added: 0102895 | |
| 2018-03-01 09:44 | hgbot | Checkin | |
| 2018-03-01 09:44 | hgbot | Note Added: 0102896 | |
| 2018-03-01 09:44 | hgbot | Checkin | |
| 2018-03-01 09:44 | hgbot | Note Added: 0102897 | |
| 2018-03-02 09:04 | hgbot | Checkin | |
| 2018-03-02 09:04 | hgbot | Note Added: 0102906 | |
| 2018-03-02 09:04 | hgbot | Checkin | |
| 2018-03-02 09:04 | hgbot | Note Added: 0102907 | |
| 2018-03-02 09:05 | hgbot | Checkin | |
| 2018-03-02 09:05 | hgbot | Note Added: 0102908 | |
| 2018-03-02 09:05 | hgbot | Checkin | |
| 2018-03-02 09:05 | hgbot | Note Added: 0102909 | |
| 2018-03-02 12:26 | hgbot | Checkin | |
| 2018-03-02 12:26 | hgbot | Note Added: 0102915 | |
| 2018-03-05 12:52 | jorge-garcia | Status | scheduled => resolved |
| 2018-03-05 12:52 | jorge-garcia | Fixed in Version | => RR18Q2 |
| 2018-03-05 12:52 | jorge-garcia | Resolution | open => fixed |
| 2018-03-06 16:15 | marvintm | Review Assigned To | => marvintm |
| 2018-03-06 16:15 | marvintm | Status | resolved => closed |
| 2018-04-12 14:01 | rafaroda | Relationship added | related to 0038343 |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |