Project:
View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
ID | ||||||||
0047852 | ||||||||
Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
defect | [POS2] Core | major | have not tried | 2021-10-14 17:43 | 2021-10-18 14:04 | |||
Reporter | cberner | View Status | public | |||||
Assigned To | cberner | |||||||
Priority | normal | Resolution | fixed | Fixed in Version | ||||
Status | closed | Fix in branch | Fixed in SCM revision | |||||
Projection | none | ETA | none | Target Version | ||||
OS | Any | Database | Any | Java version | ||||
OS Version | Database version | Ant version | ||||||
Product Version | SCM revision | |||||||
Review Assigned To | ||||||||
Regression level | ||||||||
Regression date | ||||||||
Regression introduced in release | ||||||||
Regression introduced by commit | ||||||||
Triggers an Emergency Pack | No | |||||||
Summary | 0047852: JIRA-2368: Permissions are wrong for drawer menu subentries if changing user | |||||||
Description | When pressing login, user actions permissions are not updated for the entries of groups of the drawer menu, resulting in this appearing as disabled when they should be enabled, and enabled when should be disabled, because the previous state is the one being mantained. For example, a Manager with permission to all subentries logs in, he has all options available. If he doesn't refresh, logs out, and an employee with no permissions logs in, he'll have the same access to the drawer menu subentries as the manager. Note: This doesn't affect the group button, for example Customers window works fine, and permissions are updated correctly. | |||||||
Steps To Reproduce | 1. Login in Backoffice as Openbravo and WhiteValleyGroup admin role 2. Go to Role window and select VallBlancaManual role 2.1. In UserActionAccess remove "SwitchToOrgVariablesWindow" entry 2.2. You may logout from backoffice 3. Login in WebPOS as Vallblanca, check that Organization Variables subentry is available 4. Click on user Vallblanca to the top right, and change Profile to VallBlancaManual and check that Organization Variables subentry is disabled 5. Click Logout and login again as Vallblanca user Option Organization Variables appears as disabled, although you're connected with a role that has permission to that user action. | |||||||
Tags | No tags attached. | |||||||
Attached Files | ||||||||
Relationships [ Relation Graph ] [ Dependency Graph ] | ||||||||
|
Notes | |
(0132357) hgbot (developer) 2021-10-15 09:51 |
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/merge_requests/649 [^] |
(0132412) hgbot (developer) 2021-10-18 14:04 |
Directly closing issue as related merge request is already approved. Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2 [^] Changeset: 6bebef4a7f0477a3cd011c3afe7e7a4ccf31f539 Author: Cristian Berner <cristian.berner@openbravo.com> Date: 2021-10-18T13:28:46+02:00 URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/commit/6bebef4a7f0477a3cd011c3afe7e7a4ccf31f539 [^] Fixes ISSUE-47852: Permissions are wrong for drawer menu subentries if changing user UserAction executability was not being recalculated on login, resulting in using the previous session/user executability for the newly logged user. If the previous user had different permissions for a certain user action, this was not being updated(except for the ones that are updated due to them listening to a state model). As such, it is required to recalculate the executability of user actions on login. To do that, initializeAll from UserAction.js was moved to initializeAllUserActions in Registry.js, which checks all registered user actions, and if initialized, it only recalculates executability with the current state. Other options would have been to do a refresh on login or logout process, but that is unacceptable just for this simple fix. --- M web-jspack/org.openbravo.core2/src/core/Registry.js M web-jspack/org.openbravo.core2/src/core/authentication/OnLoginActions.js M web-jspack/org.openbravo.core2/src/core/user-action/UserAction.js M web-jspack/org.openbravo.core2/src/core/user-action/__test__/UserAction.test.js --- |
(0132413) hgbot (developer) 2021-10-18 14:04 |
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.core2/-/merge_requests/649 [^] |
Issue History | |||
Date Modified | Username | Field | Change |
2021-10-14 17:43 | cberner | New Issue | |
2021-10-14 17:43 | cberner | Assigned To | => cberner |
2021-10-14 17:43 | cberner | Triggers an Emergency Pack | => No |
2021-10-14 17:43 | guilleaer | Status | new => scheduled |
2021-10-14 17:43 | guilleaer | Status | scheduled => acknowledged |
2021-10-14 17:58 | cberner | Steps to Reproduce Updated | View Revisions |
2021-10-15 09:51 | hgbot | Note Added: 0132357 | |
2021-10-18 09:26 | cberner | Status | acknowledged => scheduled |
2021-10-18 14:04 | hgbot | Resolution | open => fixed |
2021-10-18 14:04 | hgbot | Status | scheduled => closed |
2021-10-18 14:04 | hgbot | Note Added: 0132412 | |
2021-10-18 14:04 | hgbot | Note Added: 0132413 |
Copyright © 2000 - 2009 MantisBT Group |