Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0043828 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| defect | [Retail Modules] Web POS | critical | have not tried | 2020-04-22 17:40 | 2020-05-12 09:22 | |||
| Reporter | inaki_garcia | View Status | public | |||||
| Assigned To | ranjith_qualiantech_com | |||||||
| Priority | immediate | Resolution | fixed | Fixed in Version | RR20Q3 | |||
| Status | closed | Fix in branch | Fixed in SCM revision | 5fc23f1ec284 | ||||
| Projection | none | ETA | none | Target Version | ||||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | SCM revision | |||||||
| Review Assigned To | marvintm | |||||||
| Regression level | Packaging and release | |||||||
| Regression date | 2020-02-10 | |||||||
| Regression introduced in release | main | |||||||
| Regression introduced by commit | https://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/c027ae221f7e [^] | |||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0043828: [20Q2] User access and visibility management per terminal via "POS Terminal Access" subtab no longer works | |||||||
| Description | Entering rows in the "POS Terminal Access" subtab in the "User" tab in the backend has lost its effect in specifying the users allowance in terminals at an Organization level, meaning that users sharing organization with the terminals will be listed in all of the terminals/touchpoints. This regression is considered critical, since it poses an important security risk for organizations with many users and terminals. Reproducible in builds updated to 20Q2, but not in 20Q1. | |||||||
| Steps To Reproduce | -- In the Backend 0. Log in the Backend with the "The White Valley Group Admin" role 1. Create a new user and save it 2. Add in a record with the "VallBlancaManual" Role in User Roles subtab and save it -- In the Frontend 3. Navigate to the VBS-1 terminal NOTICE that the created user appears listed, as expected -- In the Backend 4. For the previously created user, add in a record with the "VBA1001" Touchpoint in the POS Terminal Access subtab, and save it -- In the Frontend 5. Refresh the Web POS NOTICE that the created user STILL appears, which is an incorrect. The user should only show in the specified VBA1001 terminal/touchpoint. | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
|||||||||||||||
|
|||||||||||||||
 Relationships |
|
Notes |
|
|
(0119376) hgbot (developer) 2020-04-24 02:55 |
Repository: erp/pmods/org.openbravo.retail.posterminal Changeset: ea35a851d62e64667d4c3baf6a366163e9bc98c9 Author: Ranjith S R <ranjith <at> qualiantech.com> Date: Fri Apr 24 06:25:13 2020 +0530 URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/ea35a851d62e64667d4c3baf6a366163e9bc98c9 [^] Fixed issue-43828 : Modified Login UserList query to list users based on Terminal Access * If Pref. "Filter User based on Terminal Access", users added in Terminal Access will be listed If not enabled, either user should present in Terminal Access or user should not present in Terminal Access --- M src/org/openbravo/retail/posterminal/LoginUtilsServlet.java --- |
|
(0119467) guilleaer (manager) 2020-04-28 13:29 |
It seems that fix for issue is not working fine Having 2 users user A user B 1 terminal terminal T1 Go to users and add access for terminal t1 to user A User A and User B are shown in web POS login screen. Only user A should be allowed |
|
(0119482) hgbot (developer) 2020-04-29 05:49 |
Repository: erp/pmods/org.openbravo.retail.posterminal Changeset: 17735b88fc79e83e08d0e90949292c66c7329ec3 Author: Ranjith S R <ranjith <at> qualiantech.com> Date: Wed Apr 29 09:18:39 2020 +0530 URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/17735b88fc79e83e08d0e90949292c66c7329ec3 [^] Fixed issue-43828 : Modified Login UserList query to list users based on Preference * If Pref. "Filter User based on Terminal Access", is defined, it will list users only which are added under POS Terminal access tab * If Pref. "Filter User based on Terminal Access", is not defined, if a user defined in particular terminals in POS Terminal access, user will be shown only in those terminals If user is not defined in POS Terminal access, then it will shown for all terminals * Same query will be used to list the list for approvals --- M src/org/openbravo/retail/posterminal/LoginUtilsServlet.java --- |
|
(0119486) hgbot (developer) 2020-04-29 09:15 |
Repository: erp/pmods/org.openbravo.retail.posterminal Changeset: ad1152576877be74f81b9ba611e7b3999a1825f3 Author: Ranjith S R <ranjith <at> qualiantech.com> Date: Wed Apr 29 12:45:14 2020 +0530 URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/ad1152576877be74f81b9ba611e7b3999a1825f3 [^] Related to issue-43828 : Added method to preserve functionality in LoginUtilsServlet * To Preserve Existing functionality, added method doFilterUserOnlyByTerminalAccessPreference without any parameter --- M src/org/openbravo/retail/posterminal/LoginUtilsServlet.java --- |
|
(0119743) ranjith_qualiantech_com (developer) 2020-05-12 07:13 edited on: 2020-05-12 07:27 |
Query performance was very slow due to Terminal Access and Preference join queries |
|
(0119744) hgbot (developer) 2020-05-12 07:16 |
Repository: erp/pmods/org.openbravo.retail.posterminal Changeset: 5fc23f1ec284a4cba03bf88fcade07f2558075a9 Author: Ranjith S R <ranjith <at> qualiantech.com> Date: Tue May 12 10:46:11 2020 +0530 URL: http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/5fc23f1ec284a4cba03bf88fcade07f2558075a9 [^] Fixed issue 43828 : Updated UserList Query to improve Performance * Updated query by changing TerminalAccess and ADPreference table from FullJoin to Subquery to improve perfomance --- M src/org/openbravo/retail/posterminal/LoginUtilsServlet.java --- |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2020-04-22 17:40 | inaki_garcia | New Issue | |
| 2020-04-22 17:40 | inaki_garcia | Assigned To | => Retail |
| 2020-04-22 17:40 | inaki_garcia | Regression level | => Packaging and release |
| 2020-04-22 17:40 | inaki_garcia | Triggers an Emergency Pack | => No |
| 2020-04-22 17:44 | inaki_garcia | Description Updated | View Revisions |
| 2020-04-22 17:52 | inaki_garcia | Description Updated | View Revisions |
| 2020-04-23 07:08 | ranjith_qualiantech_com | Assigned To | Retail => ranjith_qualiantech_com |
| 2020-04-23 08:22 | ranjith_qualiantech_com | Relationship added | caused by 0043085 |
| 2020-04-23 08:23 | ranjith_qualiantech_com | Regression level | Packaging and release => Pre packaging ( pi ) |
| 2020-04-23 08:23 | ranjith_qualiantech_com | Regression date | => 2020-02-10 |
| 2020-04-23 08:23 | ranjith_qualiantech_com | Regression introduced in release | => main |
| 2020-04-23 08:23 | ranjith_qualiantech_com | Regression introduced by commit | => https://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/c027ae221f7e [^] |
| 2020-04-23 11:46 | ranjith_qualiantech_com | Status | new => scheduled |
| 2020-04-23 12:40 | ranjith_qualiantech_com | Regression level | Pre packaging ( pi ) => Packaging and release |
| 2020-04-24 02:55 | hgbot | Checkin | |
| 2020-04-24 02:55 | hgbot | Note Added: 0119376 | |
| 2020-04-24 02:55 | hgbot | Status | scheduled => resolved |
| 2020-04-24 02:55 | hgbot | Resolution | open => fixed |
| 2020-04-24 02:55 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/ea35a851d62e64667d4c3baf6a366163e9bc98c9 [^] |
| 2020-04-28 13:29 | guilleaer | Note Added: 0119467 | |
| 2020-04-28 13:29 | guilleaer | Status | resolved => new |
| 2020-04-28 13:29 | guilleaer | Resolution | fixed => open |
| 2020-04-28 13:30 | guilleaer | Status | new => scheduled |
| 2020-04-29 05:49 | hgbot | Checkin | |
| 2020-04-29 05:49 | hgbot | Note Added: 0119482 | |
| 2020-04-29 05:49 | hgbot | Status | scheduled => resolved |
| 2020-04-29 05:49 | hgbot | Resolution | open => fixed |
| 2020-04-29 05:49 | hgbot | Fixed in SCM revision | http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/ea35a851d62e64667d4c3baf6a366163e9bc98c9 [^] => http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/17735b88fc79e83e08d0e90949292c66c7329ec3 [^] |
| 2020-04-29 09:15 | hgbot | Checkin | |
| 2020-04-29 09:15 | hgbot | Note Added: 0119486 | |
| 2020-05-06 08:24 | marvintm | Review Assigned To | => marvintm |
| 2020-05-06 08:24 | marvintm | Status | resolved => closed |
| 2020-05-06 08:24 | marvintm | Fixed in Version | => RR20Q3 |
| 2020-05-12 07:13 | ranjith_qualiantech_com | Note Added: 0119743 | |
| 2020-05-12 07:13 | ranjith_qualiantech_com | Status | closed => new |
| 2020-05-12 07:13 | ranjith_qualiantech_com | Resolution | fixed => open |
| 2020-05-12 07:13 | ranjith_qualiantech_com | Fixed in Version | RR20Q3 => |
| 2020-05-12 07:13 | ranjith_qualiantech_com | Status | new => scheduled |
| 2020-05-12 07:16 | hgbot | Checkin | |
| 2020-05-12 07:16 | hgbot | Note Added: 0119744 | |
| 2020-05-12 07:16 | hgbot | Status | scheduled => resolved |
| 2020-05-12 07:16 | hgbot | Resolution | open => fixed |
| 2020-05-12 07:16 | hgbot | Fixed in SCM revision | http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/17735b88fc79e83e08d0e90949292c66c7329ec3 [^] => http://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/5fc23f1ec284a4cba03bf88fcade07f2558075a9 [^] |
| 2020-05-12 07:27 | ranjith_qualiantech_com | Note Edited: 0119743 | View Revisions |
| 2020-05-12 09:22 | marvintm | Status | resolved => closed |
| 2020-05-12 09:22 | marvintm | Fixed in Version | => RR20Q3 |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |