Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0038659
TypeCategorySeverityReproducibilityDate SubmittedLast Update
feature request[Openbravo ERP] C. Securityminorhave not tried2018-05-30 15:542018-06-04 09:57
ReporteralostaleView Statuspublic 
Assigned Toalostale 
PrioritynormalResolutionfixedFixed in Version3.0PR18Q3
StatusclosedFix in branchFixed in SCM revision5ae34663c033
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Merge Request Status
Review Assigned Tocaristu
OBNetwork customerNo
Web browser
ModulesCore
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0038659: new roles should be manual by default

DescriptionWhen creating new Roles, it is possible to define whether access for all objects will be granted automatically or not (through the Manual flag) also in case of automatic access if access to advanced features will be granted, see doc [1].

Currently new roles are defaulted to automatically be granted to all possible objects by being not manual and advanced features.

It is more common to have restricted roles with access to only some specific objects than roles with access to all of them.

Current defaults are error prone: if the user creating a new role forgets to flag default "Manual" field and saves the new role, all objects will be automatically granted. Setting it correctly afterwards, forces to remove access to all those objects.

---
[1] http://wiki.openbravo.com/wiki/Role [^]
Steps To Reproduce1. Create a new role keeping all default values
  -> check there is access to all windows, reports, etc

Proposed Solution-Change defaults to
  Manual: Yes
  Advanced: No
- If a role is updated afterwards from manual to automatic, grant access to all objects automatically
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]
related to feature request 0038689 closedcaristu It should not be possible to set as Automatic those Manual roles inheriting permissions 

-  Notes
(0104842)
hgbot (developer)
2018-05-31 14:25

 Repository: erp/devel/pi
Changeset: 5ae34663c0339d067e787c2e4f9784df253bbbfe
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Wed May 30 13:03:45 2018 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/5ae34663c0339d067e787c2e4f9784df253bbbfe [^]

fixes 38659: new roles should be manual by default

  * By default, new roles are now maked as manual and not advanced
  * When a role is moved from manual to automatic, permissions are now recalculated
  * Roles created in Initial Client and Org setup are kept as privileged

---
M src-db/database/model/tables/AD_ROLE.xml
M src-db/database/model/triggers/AD_ROLE_TRG.xml
M src-db/database/sourcedata/AD_COLUMN.xml
M src/org/openbravo/erpCommon/businessUtility/InitialSetupUtility.java
---
(0104904)
caristu (viewer)
2018-06-04 09:57

 Code reviewed + tested OK.

- Issue History
Date Modified Username Field Change
2018-05-30 15:54 alostale New Issue
2018-05-30 15:54 alostale Assigned To => alostale
2018-05-30 15:54 alostale OBNetwork customer => No
2018-05-30 15:54 alostale Modules => Core
2018-05-30 15:54 alostale Triggers an Emergency Pack => No
2018-05-31 14:25 hgbot Checkin
2018-05-31 14:25 hgbot Note Added: 0104842
2018-05-31 14:25 hgbot Status new => resolved
2018-05-31 14:25 hgbot Resolution open => fixed
2018-05-31 14:25 hgbot Fixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/5ae34663c0339d067e787c2e4f9784df253bbbfe [^]
2018-05-31 14:28 alostale Review Assigned To => caristu
2018-06-04 09:54 caristu Issue cloned 0038689
2018-06-04 09:54 caristu Relationship added related to 0038689
2018-06-04 09:57 caristu Note Added: 0104904
2018-06-04 09:57 caristu Status resolved => closed
2018-06-04 09:57 caristu Fixed in Version => 3.0PR18Q3

Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker