ID | ||||||||
0040669 | ||||||||
Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
defect | [Retail Modules] Web POS | major | always | 2019-04-24 12:56 | 2019-05-03 11:14 | |||
Reporter | malsasua | View Status | public | |||||
Assigned To | ranjith_qualiantech_com | |||||||
Priority | normal | Resolution | fixed | Fixed in Version | RR19Q3 | |||
Status | closed | Fix in branch | Fixed in SCM revision | 98f8354d0b1a | ||||
Projection | none | ETA | none | Target Version | ||||
OS | Any | Database | Any | Java version | ||||
OS Version | Database version | Ant version | ||||||
Product Version | SCM revision | |||||||
Merge Request Status | ||||||||
Review Assigned To | guilleaer | |||||||
OBNetwork customer | Gold | |||||||
Support ticket | 9338 | |||||||
Regression level | ||||||||
Regression date | ||||||||
Regression introduced in release | ||||||||
Regression introduced by commit | ||||||||
Triggers an Emergency Pack | No | |||||||
Summary | 0040669: Terminal can be linked in Terminal Authentication process by one user without permission for the store | |||||||
Description | The Terminal Authentication process can be executed by a user who does not have permission for the store of the terminal | |||||||
Steps To Reproduce | in livebuilds
[BO]
. go to Role window:
  - VallBlancaUser
  - in Org Access tab:
    - remove Vall Blanca Store record
. go to Preference window and enable the Terminal Authentication process
[POS]
- Terminal Authentication window is displayed
- link using vallblanca user
the link is done properly, and he does not have access to the VBS store
Proposed Solution | this code should be added in Terminal Authentication process:

```java
// Issue 28142: We also need to check if the organization of the user belongs to the natural
// organization tree of the Terminal
OBQuery<OBPOSApplications> appQry = OBDal.getInstance().createQuery(
    OBPOSApplications.class,
    "where searchKey = :terminalSearchKey and ((ad_isorgincluded("
        + "(select organization from ADUser where id= :userId)"
        + ", organization, client.id) <> -1) or "
        + "(ad_isorgincluded(organization, "
        + "(select organization from ADUser where id= :userId)"
        + ", client.id) <> -1)) ");
appQry.setFilterOnReadableClients(false);
appQry.setFilterOnReadableOrganization(false);
appQry.setNamedParameter("terminalSearchKey", terminalSearchKey);
appQry.setNamedParameter("userId", userId);
List<OBPOSApplications> appList = appQry.list();
if (appList.isEmpty()) {
  try {
    errorLogin(res, vars, session, "OBPOS_USER_NO_ACCESS_TO_TERMINAL_TITLE",
        "OBPOS_USER_TERMINAL_DIFFERENT_ORG_MSG", new ArrayList<String>() {
          private static final long serialVersionUID = 1L;
          {
            add(terminalSearchKey);
          }
        });
  } catch (Exception e) {
    log4j.error("Error in login", e);
    return null;
  }
}
```
Tags | No tags attached. | |||||||
Attached Files | ||||||||
(0111365) hgbot (developer) 2019-04-29 08:36 |
Repository: erp/pmods/org.openbravo.retail.posterminal
Changeset: 98f8354d0b1a0f6c7961403fee7f46c7b0b37dec
Author: Ranjith S R <ranjith <at> qualiantech.com>
Date: Mon Apr 29 11:56:41 2019 +0530
URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/98f8354d0b1a0f6c7961403fee7f46c7b0b37dec

Fixed issue 40669 : User Role Organization must have access to the store organization

* During Terminal Authentication, if the store organization is not present in the users role organization, then authentication process should be prevented
* Above Validation added when doing login and in terminal authentication

---
M src/org/openbravo/retail/posterminal/LoginUtilsServlet.java
M src/org/openbravo/retail/posterminal/POSLoginHandler.java
---
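
The two access conditions this issue names, the natural-organization-tree check in the proposed solution and the role Org Access check in the changeset note, modelled as an added standalone example; it is not Openbravo code and not the code of the fix. The class and method names, the tree, and every organization other than Vall Blanca Store are constructed, and requiring both conditions together is an assumption.

```java
import java.util.Map;
import java.util.Set;

// Added illustration, not Openbravo code: all names and data here are constructed.
public class TerminalLinkCheck {
  // Constructed tree: child organization -> parent organization.
  static final Map<String, String> PARENT = Map.of(
      "Vall Blanca Store", "Region A",
      "Other Store", "Region A",
      "Region A", "*");

  // Depth of org below ancestor (0 if equal), or -1 if org is not in ancestor's subtree.
  // Models the "<> -1" convention used by ad_isorgincluded in the proposed query.
  static int orgIncluded(String org, String ancestor) {
    int depth = 0;
    for (String o = org; o != null; o = PARENT.get(o), depth++) {
      if (o.equals(ancestor)) return depth;
    }
    return -1;
  }

  // Tree condition from the proposed solution: either organization lies in the other's subtree.
  static boolean inNaturalTree(String userOrg, String terminalOrg) {
    return orgIncluded(userOrg, terminalOrg) != -1 || orgIncluded(terminalOrg, userOrg) != -1;
  }

  // Role condition from the changeset note: the store organization is in the role's Org Access.
  // Modelled as flat set membership (assumption).
  static boolean roleHasStore(Set<String> roleOrgAccess, String terminalOrg) {
    return roleOrgAccess.contains(terminalOrg);
  }

  // Deny by default: the terminal is linked only when both conditions hold.
  static boolean mayLink(String userOrg, Set<String> roleOrgAccess, String terminalOrg) {
    return inNaturalTree(userOrg, terminalOrg) && roleHasStore(roleOrgAccess, terminalOrg);
  }

  public static void main(String[] args) {
    String store = "Vall Blanca Store";
    // Case 1: the role lists the store in Org Access.
    System.out.println(mayLink("Region A", Set.of("Region A", store), store));
    // Case 2: the store record was removed from Org Access, as in the reproduction steps.
    System.out.println(mayLink("Region A", Set.of("Region A"), store));
    // Case 3: the user's organization sits in an unrelated branch of the tree.
    System.out.println(mayLink("Other Store", Set.of(store), store));
  }
}
```

In case 2 the tree condition alone still holds, which is why the role's Org Access has to be evaluated server-side at both login and terminal linking.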
Date Modified | Username | Field | Change |
2019-04-24 12:56 | malsasua | New Issue | |
2019-04-24 12:56 | malsasua | Assigned To | => Retail |
2019-04-24 12:56 | malsasua | OBNetwork customer | => Gold |
2019-04-24 12:56 | malsasua | Support ticket | => 9338 |
2019-04-24 12:56 | malsasua | Resolution time | => 1557784800 |
2019-04-24 12:56 | malsasua | Triggers an Emergency Pack | => No |
2019-04-25 08:39 | ranjith_qualiantech_com | Assigned To | Retail => ranjith_qualiantech_com |
2019-04-25 09:07 | ranjith_qualiantech_com | Status | new => scheduled |
2019-04-29 08:36 | hgbot | Checkin | |
2019-04-29 08:36 | hgbot | Note Added: 0111365 | |
2019-04-29 08:36 | hgbot | Status | scheduled => resolved |
2019-04-29 08:36 | hgbot | Resolution | open => fixed |
2019-04-29 08:36 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/98f8354d0b1a0f6c7961403fee7f46c7b0b37dec |
2019-05-03 11:14 | guilleaer | Review Assigned To | => guilleaer |
2019-05-03 11:14 | guilleaer | Status | resolved => closed |
2019-05-03 11:14 | guilleaer | Fixed in Version | => RR19Q3 |