Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||||||
| ID | ||||||||||||
| 0056631 | ||||||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||||||
| defect | [Openbravo ERP] C. Security | major | always | 2024-10-03 09:07 | 2024-11-28 10:36 | |||||||
| Reporter | eduardo_Argal | View Status | public | |||||||||
| Assigned To | Triage Platform Base | |||||||||||
| Priority | immediate | Resolution | open | Fixed in Version | ||||||||
| Status | scheduled | Fix in branch | Fixed in SCM revision | |||||||||
| Projection | none | ETA | none | Target Version | pi | |||||||
| OS | Any | Database | Any | Java version | ||||||||
| OS Version | Database version | Ant version | ||||||||||
| Product Version | pi | SCM revision | ||||||||||
| Review Assigned To | ||||||||||||
| Web browser | ||||||||||||
| Modules | Core | |||||||||||
| Regression level | Production - Confirmed Stable | |||||||||||
| Regression date | 2023-10-17 | |||||||||||
| Regression introduced in release | PR24Q1 | |||||||||||
| Regression introduced by commit | ||||||||||||
| Triggers an Emergency Pack | No | |||||||||||
| Summary | 0056631: A user with a not Manual role can access, edit and create transactions in any organization | |||||||||||
| Description | A user with a not Manual role can access, edit and create transactions in any organization even if the organization access is limited to one store. | |||||||||||
| Steps To Reproduce | 1) Log as Orhi Store User 2) Go to Purchase Order Window 3) Create a new record 4) Mind that the organization combo displays the full list of organization when it should just display the organizations defined in the Org Access tab for his/her role 5) change the configuration for the role to Manual 6) Repeat the steps and mind that now the organizatiuon combo works properly | |||||||||||
| Proposed Solution | Workaround: it is possible to prevent access to organizations for automatic roles by creating those roles as disable (Active = false) in the Role > Org Access tab. | |||||||||||
| Tags | No tags attached. | |||||||||||
| Attached Files | ||||||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||
 Relationships |
|
Notes |
|
|
(0172565) hgbot (developer) 2024-11-25 23:27 |
Merge Request created: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/1457 [^] |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2024-10-03 09:07 | eduardo_Argal | New Issue | |
| 2024-10-03 09:07 | eduardo_Argal | Assigned To | => alostale |
| 2024-10-03 09:07 | eduardo_Argal | Modules | => Core |
| 2024-10-03 09:07 | eduardo_Argal | Regression level | => Production - Confirmed Stable |
| 2024-10-03 09:07 | eduardo_Argal | Triggers an Emergency Pack | => No |
| 2024-10-15 10:34 | alostale | Assigned To | alostale => Triage Platform Base |
| 2024-10-17 14:38 | AugustoMauch | Proposed Solution updated | |
| 2024-10-17 14:39 | AugustoMauch | Proposed Solution updated | |
| 2024-11-22 11:13 | AugustoMauch | Status | new => scheduled |
| 2024-11-25 23:27 | hgbot | Note Added: 0172565 | |
| 2024-11-28 10:32 | alostale | Relationship added | caused by 0053408 |
| 2024-11-28 10:33 | alostale | Regression date | => 2023-10-17 |
| 2024-11-28 10:33 | alostale | Regression introduced in release | => PR24Q1 |
| 2024-11-28 10:36 | alostale | Proposed Solution updated | |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |