Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0048694 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| backport | [Retail Modules] Web POS | major | have not tried | 2022-03-01 11:26 | 2022-03-16 08:08 | |||
| Reporter | marvintm | View Status | public | |||||
| Assigned To | rqueralta | |||||||
| Priority | normal | Resolution | fixed | Fixed in Version | RR21Q4.4 | |||
| Status | closed | Fix in branch | Fixed in SCM revision | |||||
| Projection | none | ETA | none | Target Version | RR21Q4.4 | |||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | SCM revision | |||||||
| Merge Request Status | approved | |||||||
| Review Assigned To | ||||||||
| OBNetwork customer | No | |||||||
| Support ticket | ||||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0048694: MultiServerJSONProcess is disabling the permissions check in all its subclasses | |||||||
| Description | Currently the MultiServerJSONProcess class is disabling the permissions check in all its subclasses by default. This means that even if a class implements a preference check, this check will not be done and users without access to that preference will be able to use the process. | |||||||
| Steps To Reproduce | . | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
||||||||
|
||||||||
 Relationships |
|
Notes |
|
|
(0135441) hgbot (developer) 2022-03-03 23:44 |
Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/340 [^] |
|
(0135759) hgbot (developer) 2022-03-16 08:08 |
Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/340 [^] |
|
(0135760) hgbot (developer) 2022-03-16 08:08 |
Directly closing issue as related merge request is already approved. Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core [^] Changeset: 10ff7dd850f9107c9c997a7f159a81cd662bf254 Author: Rafael Queralta <rafaelcuba81@gmail.com> Date: 03-03-2022 12:42:18 URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/commit/10ff7dd850f9107c9c997a7f159a81cd662bf254 [^] Fixed BUG-48694: Due to security issues, was removed the overrided methods bypassSecurity and bypassPreferenceCheck in MultiServerJSONProcess class --- M src/org/openbravo/mobile/core/servercontroller/MultiServerJSONProcess.java --- |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2022-03-01 11:27 | marvintm | Type | defect => backport |
| 2022-03-01 11:27 | marvintm | Target Version | => RR21Q4.4 |
| 2022-03-03 23:44 | hgbot | Merge Request Status | => open |
| 2022-03-03 23:44 | hgbot | Note Added: 0135441 | |
| 2022-03-04 18:20 | rqueralta | Assigned To | Retail => rqueralta |
| 2022-03-16 08:08 | hgbot | Merge Request Status | open => approved |
| 2022-03-16 08:08 | hgbot | Note Added: 0135759 | |
| 2022-03-16 08:08 | hgbot | Resolution | open => fixed |
| 2022-03-16 08:08 | hgbot | Status | scheduled => closed |
| 2022-03-16 08:08 | hgbot | Fixed in Version | => RR21Q4.4 |
| 2022-03-16 08:08 | hgbot | Note Added: 0135760 | |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |