Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0043834 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| backport | [Retail Modules] Web POS | critical | have not tried | 2020-04-22 17:40 | 2020-05-12 09:22 | |||
| Reporter | inaki_garcia | View Status | public | |||||
| Assigned To | ranjith_qualiantech_com | |||||||
| Priority | immediate | Resolution | fixed | Fixed in Version | RR20Q2 | |||
| Status | closed | Fix in branch | Fixed in SCM revision | 8942d2c56c6e | ||||
| Projection | none | ETA | none | Target Version | RR20Q2 | |||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | SCM revision | |||||||
| Merge Request Status | ||||||||
| Review Assigned To | marvintm | |||||||
| OBNetwork customer | No | |||||||
| Support ticket | ||||||||
| Regression level | Packaging and release | |||||||
| Regression date | 2020-02-10 | |||||||
| Regression introduced in release | main | |||||||
| Regression introduced by commit | https://code.openbravo.com/erp/pmods/org.openbravo.retail.posterminal/rev/c027ae221f7e [^] | |||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0043834: [20Q2] User access and visibility management per terminal via "POS Terminal Access" subtab no longer works | |||||||
| Description | Entering rows in the "POS Terminal Access" subtab in the "User" tab in the backend has lost its effect in specifying the users allowance in terminals at an Organization level, meaning that users sharing organization with the terminals will be listed in all of the terminals/touchpoints. This regression is considered critical, since it poses an important security risk for organizations with many users and terminals. Reproducible in builds updated to 20Q2, but not in 20Q1. | |||||||
| Steps To Reproduce | -- In the Backend 0. Log in the Backend with the "The White Valley Group Admin" role 1. Create a new user and save it 2. Add in a record with the "VallBlancaManual" Role in User Roles subtab and save it -- In the Frontend 3. Navigate to the VBS-1 terminal NOTICE that the created user appears listed, as expected -- In the Backend 4. For the previously created user, add in a record with the "VBA1001" Touchpoint in the POS Terminal Access subtab, and save it -- In the Frontend 5. Refresh the Web POS NOTICE that the created user STILL appears, which is an incorrect. The user should only show in the specified VBA1001 terminal/touchpoint. | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
||||||||
|
||||||||
 Relationships |
|
Notes |
|
|
(0119613) hgbot (developer) 2020-05-06 09:24 |
Repository: retail/backports/3.0RR20Q2/org.openbravo.retail.posterminal Changeset: dc97805897dc2396892eb938cb53ad428f3c4396 Author: Ranjith S R <ranjith <at> qualiantech.com> Date: Wed May 06 12:53:46 2020 +0530 URL: http://code.openbravo.com/retail/backports/3.0RR20Q2/org.openbravo.retail.posterminal/rev/dc97805897dc2396892eb938cb53ad428f3c4396 [^] Fixed issue 43834 : Modified Login UserList query to list users based on Terminal Access * If Pref. "Filter User based on Terminal Access", users added in Terminal Access will be listed If not enabled, either user should present in Terminal Access or user should not present in Terminal Access * If Pref. "Filter User based on Terminal Access", is defined, it will list users only which are added under POS Terminal access tab * If Pref. "Filter User based on Terminal Access", is not defined, if a user defined in particular terminals in POS Terminal access, user will be shown only in those terminals If user is not defined in POS Terminal access, then it will shown for all terminals * Same query will be used to list the list for approvals * To Preserve Existing functionality, added method doFilterUserOnlyByTerminalAccessPreference without any parameter --- M src/org/openbravo/retail/posterminal/LoginUtilsServlet.java --- |
|
(0119745) ranjith_qualiantech_com (viewer) 2020-05-12 07:27 |
Query performance was very slow due to Terminal Access and Preference join queries |
|
(0119746) hgbot (developer) 2020-05-12 07:30 |
Repository: retail/backports/3.0RR20Q2/org.openbravo.retail.posterminal Changeset: 8942d2c56c6e6cbcacd825f9803694a716efb3d2 Author: Ranjith S R <ranjith <at> qualiantech.com> Date: Tue May 12 11:00:08 2020 +0530 URL: http://code.openbravo.com/retail/backports/3.0RR20Q2/org.openbravo.retail.posterminal/rev/8942d2c56c6e6cbcacd825f9803694a716efb3d2 [^] Fixed issue 43834 : Updated UserList Query to improve Performance * Updated query by changing TerminalAccess and ADPreference table from FullJoin to Subquery to improve perfomance --- M src/org/openbravo/retail/posterminal/LoginUtilsServlet.java --- |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2020-04-23 11:46 | ranjith_qualiantech_com | Type | defect => backport |
| 2020-04-23 11:46 | ranjith_qualiantech_com | Target Version | => RR20Q2 |
| 2020-04-23 12:40 | ranjith_qualiantech_com | Regression level | Pre packaging ( pi ) => Packaging and release |
| 2020-05-06 09:24 | hgbot | Checkin | |
| 2020-05-06 09:24 | hgbot | Note Added: 0119613 | |
| 2020-05-06 09:24 | hgbot | Status | scheduled => resolved |
| 2020-05-06 09:24 | hgbot | Resolution | open => fixed |
| 2020-05-06 09:24 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/retail/backports/3.0RR20Q2/org.openbravo.retail.posterminal/rev/dc97805897dc2396892eb938cb53ad428f3c4396 [^] |
| 2020-05-07 09:27 | marvintm | Review Assigned To | => marvintm |
| 2020-05-07 09:27 | marvintm | Status | resolved => closed |
| 2020-05-07 09:27 | marvintm | Fixed in Version | => RR20Q2 |
| 2020-05-12 07:27 | ranjith_qualiantech_com | Note Added: 0119745 | |
| 2020-05-12 07:27 | ranjith_qualiantech_com | Status | closed => new |
| 2020-05-12 07:27 | ranjith_qualiantech_com | Resolution | fixed => open |
| 2020-05-12 07:27 | ranjith_qualiantech_com | Fixed in Version | RR20Q2 => |
| 2020-05-12 07:27 | ranjith_qualiantech_com | Status | new => scheduled |
| 2020-05-12 07:30 | hgbot | Checkin | |
| 2020-05-12 07:30 | hgbot | Note Added: 0119746 | |
| 2020-05-12 07:30 | hgbot | Status | scheduled => resolved |
| 2020-05-12 07:30 | hgbot | Resolution | open => fixed |
| 2020-05-12 07:30 | hgbot | Fixed in SCM revision | http://code.openbravo.com/retail/backports/3.0RR20Q2/org.openbravo.retail.posterminal/rev/dc97805897dc2396892eb938cb53ad428f3c4396 [^] => http://code.openbravo.com/retail/backports/3.0RR20Q2/org.openbravo.retail.posterminal/rev/8942d2c56c6e6cbcacd825f9803694a716efb3d2 [^] |
| 2020-05-12 09:22 | marvintm | Status | resolved => closed |
| 2020-05-12 09:22 | marvintm | Fixed in Version | => RR20Q2 |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |