Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0038800 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| defect | [Openbravo ERP] 02. Master data management | major | always | 2018-06-21 11:08 | 2018-08-01 13:38 | |||
| Reporter | JONHM | View Status | public | |||||
| Assigned To | jarmendariz | |||||||
| Priority | high | Resolution | no change required | Fixed in Version | ||||
| Status | closed | Fix in branch | Fixed in SCM revision | |||||
| Projection | none | ETA | none | Target Version | ||||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | SCM revision | |||||||
| Review Assigned To | ||||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0038800: It is possible to see the button action for records that are in read only (no access) | |||||||
| Description | It is possible to see the button action for records that are in read only, logged with a user with no access to that organization. | |||||||
| Steps To Reproduce | - Create a new Sales Order with Openbravo user, select organization "F&B España, S.A" and book the SO. - Open "Role" window and select 'F&B España, S.A - Finance' role. Remove access to every organization but 'F&B España - Región Norte'. - Assign 'John Smith' user to that role. - Log out and log in using 'John Smith' user. - Open 'Sales Order' window and select the previously created record. It's in read only but the buttons are displayed and 'Add Payment' process can be opened. | |||||||
| Tags | No tags attached. | |||||||
| Attached Files |  Screenshot from 2018-06-21 11-08-11.png [^] (121,544 bytes) 2018-06-21 11:08
| |||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
||||||||
|
||||||||
 Relationships |
|
Notes |
|
|
(0105943) caristu (developer) 2018-07-25 12:09 edited on: 2018-07-25 12:17 |
Note: currently processes can be secured in 3 ways: - Secured preference is set: explicit grant is required - Process is marked as requiresExplicitAccessPermission: explicit grant is required - None of the above: permission is inherited from window Following the steps to reproduce the permissions for the processes are being inherited from the window (from the Sales Order window which the F&B España, S.A - Finance role has access to). |
|
(0106084) alostale (manager) 2018-08-01 13:38 |
Working as designed: in general there are processes that make sense to be executable for records in the natural tree of writable organizations. Even there are some processes that shouldn't allow it, there is no currently any way to differentiate them (reported separately by 0039078). Those processes that shouldn't allow execution for non-writable records should report an error when tried to be executed although they cannot be currently distinguished in the UI. |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2018-06-21 11:08 | JONHM | New Issue | |
| 2018-06-21 11:08 | JONHM | Assigned To | => Triage Finance |
| 2018-06-21 11:08 | JONHM | File Added: Screenshot from 2018-06-21 11-08-11.png | |
| 2018-06-21 11:08 | JONHM | Modules | => Core |
| 2018-06-21 11:08 | JONHM | Resolution time | => 1531346400 |
| 2018-06-21 11:08 | JONHM | Triggers an Emergency Pack | => No |
| 2018-06-22 08:46 | Sandrahuguet | Assigned To | Triage Finance => AtulOpenbravo |
| 2018-07-02 16:07 | Sandrahuguet | Assigned To | AtulOpenbravo => platform |
| 2018-07-25 12:09 | caristu | Review Assigned To | => caristu |
| 2018-07-25 12:09 | caristu | Note Added: 0105943 | |
| 2018-07-25 12:09 | caristu | Status | new => closed |
| 2018-07-25 12:15 | caristu | Assigned To | platform => jarmendariz |
| 2018-07-25 12:15 | caristu | Status | closed => new |
| 2018-07-25 12:15 | caristu | Note Edited: 0105943 | View Revisions |
| 2018-07-25 12:17 | caristu | Note Edited: 0105943 | View Revisions |
| 2018-07-30 09:39 | caristu | Review Assigned To | caristu => |
| 2018-08-01 13:34 | alostale | Relationship added | related to 0039078 |
| 2018-08-01 13:38 | alostale | Note Added: 0106084 | |
| 2018-08-01 13:38 | alostale | Status | new => closed |
| 2018-08-01 13:38 | alostale | Resolution | open => no change required |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |