Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0048694
TypeCategorySeverityReproducibilityDate SubmittedLast Update
backport[Retail Modules] Web POSmajorhave not tried2022-03-01 11:262022-03-16 08:08
ReportermarvintmView Statuspublic 
Assigned Torqueralta 
PrioritynormalResolutionfixedFixed in VersionRR21Q4.4
StatusclosedFix in branchFixed in SCM revision
ProjectionnoneETAnoneTarget VersionRR21Q4.4
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionSCM revision 
Review Assigned To
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0048694: MultiServerJSONProcess is disabling the permissions check in all its subclasses

DescriptionCurrently the MultiServerJSONProcess class is disabling the permissions check in all its subclasses by default.

This means that even if a class implements a preference check, this check will not be done and users without access to that preference will be able to use the process.
Steps To Reproduce.
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]
blocks defect 0048692 closedrqueralta MultiServerJSONProcess is disabling the permissions check in all its subclasses 

-  Notes
(0135441)
hgbot (developer)
2022-03-03 23:44

Merge Request created: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/340 [^]
(0135759)
hgbot (developer)
2022-03-16 08:08

Merge request merged: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/merge_requests/340 [^]
(0135760)
hgbot (developer)
2022-03-16 08:08

Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core [^]
Changeset: 10ff7dd850f9107c9c997a7f159a81cd662bf254
Author: Rafael Queralta <rafaelcuba81@gmail.com>
Date: 03-03-2022 12:42:18
URL: https://gitlab.com/openbravo/product/pmods/org.openbravo.mobile.core/-/commit/10ff7dd850f9107c9c997a7f159a81cd662bf254 [^]

Fixed BUG-48694: Due to security issues, was removed the overrided methods bypassSecurity and bypassPreferenceCheck in MultiServerJSONProcess class

---
M src/org/openbravo/mobile/core/servercontroller/MultiServerJSONProcess.java
---

- Issue History
Date Modified Username Field Change
2022-03-01 11:27 marvintm Type defect => backport
2022-03-01 11:27 marvintm Target Version => RR21Q4.4
2022-03-03 23:44 hgbot Note Added: 0135441
2022-03-04 18:20 rqueralta Assigned To Retail => rqueralta
2022-03-16 08:08 hgbot Note Added: 0135759
2022-03-16 08:08 hgbot Resolution open => fixed
2022-03-16 08:08 hgbot Status scheduled => closed
2022-03-16 08:08 hgbot Fixed in Version => RR21Q4.4
2022-03-16 08:08 hgbot Note Added: 0135760


Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker