ID: 0040669
Type: defect
Category: [Retail Modules] Web POS
Severity: major
Reproducibility: always
Date Submitted: 2019-04-24 12:56
Last Update: 2019-05-03 11:14
Reporter: malsasua
View Status: public
Assigned To: ranjith_qualiantech_com
Priority: normal
Resolution: fixed
Fixed in Version: RR19Q3
Status: closed
Fixed in SCM revision: 98f8354d0b1a
Projection: none
ETA: none
OS: Any
Database: Any
Review Assigned To: guilleaer
Triggers an Emergency Pack: No
Summary

0040669: Terminal can be linked in Terminal Authentication process by one user without permission for the store

Description
The Terminal Authentication process can be executed by a user who does not have permission for the terminal's store.

Steps To Reproduce
In livebuilds:
[BO]
. go to Role window:
- VallBlancaUser
- in Org Access tab:
- remove Vall Blanca Store record

. go to Preference window and enable the Terminal Authentication process

[POS]
- Terminal Authentication window is displayed
- link using vallblanca user
The link is done properly, and he does not have access to the VBS store.

Proposed Solution
This code should be added in the Terminal Authentication process:

      // Issue 28142: We also need to check if the organization of the user belongs to the natural
      // organization tree of the Terminal
      OBQuery<OBPOSApplications> appQry = OBDal.getInstance().createQuery(
          OBPOSApplications.class,
          "where searchKey = :terminalSearchKey and ((ad_isorgincluded("
              + "(select organization from ADUser where id= :userId)"
              + ", organization, client.id) <> -1) or " + "(ad_isorgincluded(organization, "
              + "(select organization from ADUser where id= :userId)" + ", client.id) <> -1)) ");
      appQry.setFilterOnReadableClients(false);
      appQry.setFilterOnReadableOrganization(false);
      appQry.setNamedParameter("terminalSearchKey", terminalSearchKey);
      appQry.setNamedParameter("userId", userId);
      List<OBPOSApplications> appList = appQry.list();
      if (appList.isEmpty()) {
        try {
          errorLogin(res, vars, session, "OBPOS_USER_NO_ACCESS_TO_TERMINAL_TITLE",
              "OBPOS_USER_TERMINAL_DIFFERENT_ORG_MSG", new ArrayList<String>() {
                private static final long serialVersionUID = 1L;
                {
                  add(terminalSearchKey);
                }
              });
        } catch (Exception e) {
          log4j.error("Error in login", e);
          return null;
        }
      }

-  Notes
(0111365)
hgbot (developer)
2019-04-29 08:36

Repository: erp/pmods/org.openbravo.retail.posterminal
Changeset: 98f8354d0b1a0f6c7961403fee7f46c7b0b37dec
Author: Ranjith S R <ranjith <at> qualiantech.com>
Date: Mon Apr 29 11:56:41 2019 +0530
URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/98f8354d0b1a0f6c7961403fee7f46c7b0b37dec

Fixed issue 40669 : User Role Organization must have access to the store organization

* During Terminal Authentication, if the store organization is not present in the user's role organization,
  then the authentication process should be prevented
* Above validation added when doing login and in terminal authentication

---
M src/org/openbravo/retail/posterminal/LoginUtilsServlet.java
M src/org/openbravo/retail/posterminal/POSLoginHandler.java
---
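
The validation described in the changeset above, as an added sketch that is not the Openbravo code from the commit: one guard, called from both the login path and the terminal authentication path, that refuses a user whose role has no access to the terminal's store organization. The Role, User and Terminal types, the terminal key VBS-1 and the organization name "Some Other Organization" are constructed for illustration.

```java
import java.util.List;
import java.util.Set;

// Added illustration (Java 16+ for records); types and names are hypothetical, not Openbravo classes.
public class TerminalOrgAccessDemo {
  record Role(String name, Set<String> orgAccess) {}
  record User(String username, Role role) {}
  record Terminal(String searchKey, String storeOrg) {}

  static class AccessDeniedException extends RuntimeException {
    AccessDeniedException(String msg) { super(msg); }
  }

  // Single guard shared by every path that binds a user to a terminal.
  static void requireStoreAccess(User user, Terminal terminal) {
    if (!user.role().orgAccess().contains(terminal.storeOrg())) {
      throw new AccessDeniedException("user " + user.username() + " has no access to terminal "
          + terminal.searchKey() + " (store organization: " + terminal.storeOrg() + ")");
    }
  }

  static String linkTerminal(User user, Terminal terminal) {
    requireStoreAccess(user, terminal); // terminal authentication path
    return "linked:" + terminal.searchKey();
  }

  static String login(User user, Terminal terminal) {
    requireStoreAccess(user, terminal); // regular POS login path
    return "session:" + user.username() + "@" + terminal.searchKey();
  }

  public static void main(String[] args) {
    // Constructed data mirroring the steps to reproduce: the store record
    // has been removed from the role's Org Access tab.
    Terminal vbs = new Terminal("VBS-1", "Vall Blanca Store");
    User allowed = new User("vallblanca", new Role("VallBlancaUser", Set.of("Vall Blanca Store")));
    User restricted = new User("vallblanca", new Role("VallBlancaUser", Set.of("Some Other Organization")));

    System.out.println(linkTerminal(allowed, vbs));
    for (String path : List.of("link", "login")) {
      try {
        System.out.println("link".equals(path) ? linkTerminal(restricted, vbs) : login(restricted, vbs));
      } catch (AccessDeniedException e) {
        System.out.println(path + " denied: " + e.getMessage());
      }
    }
  }
}
```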

- Issue History
Date Modified Username Field Change
2019-04-24 12:56 malsasua New Issue
2019-04-24 12:56 malsasua Assigned To => Retail
2019-04-24 12:56 malsasua Triggers an Emergency Pack => No
2019-04-25 08:39 ranjith_qualiantech_com Assigned To Retail => ranjith_qualiantech_com
2019-04-25 09:07 ranjith_qualiantech_com Status new => scheduled
2019-04-29 08:36 hgbot Checkin
2019-04-29 08:36 hgbot Note Added: 0111365
2019-04-29 08:36 hgbot Status scheduled => resolved
2019-04-29 08:36 hgbot Resolution open => fixed
2019-04-29 08:36 hgbot Fixed in SCM revision => http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/98f8354d0b1a0f6c7961403fee7f46c7b0b37dec
2019-05-03 11:14 guilleaer Review Assigned To => guilleaer
2019-05-03 11:14 guilleaer Status resolved => closed
2019-05-03 11:14 guilleaer Fixed in Version => RR19Q3

