Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0057255
TypeCategorySeverityReproducibilityDate SubmittedLast Update
backport[Openbravo ERP] C. Securitymajoralways2024-10-03 09:072024-11-28 17:50
Reportereduardo_ArgalView Statuspublic 
Assigned ToTriage Platform Base 
PriorityimmediateResolutionopenFixed in Version
StatusscheduledFix in branchFixed in SCM revision
ProjectionnoneETAnoneTarget VersionPR24Q4.1
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product VersionpiSCM revision 
Review Assigned To
Web browser
ModulesCore
Regression levelProduction - Confirmed Stable
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0057255: A user with a not Manual role can access, edit and create transactions in any organization

DescriptionA user with a not Manual role can access, edit and create transactions in any organization even if the organization access is limited to one store.
Steps To Reproduce1) Log as Orhi Store User
2) Go to Purchase Order Window
3) Create a new record
4) Mind that the organization combo displays the full list of organization when it should just display the organizations defined in the Org Access tab for his/her role
5) change the configuration for the role to Manual
6) Repeat the steps and mind that now the organizatiuon combo works properly
Proposed SolutionCheck previous behavior:
- How is the org access provided? Only on role creation? On update as well?

Check workaround:
- Ensure that disabling the role_org record works as expected
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]
blocks defect 0056631pi scheduledTriage Platform Base A user with a not Manual role can access, edit and create transactions in any organization 

-  Notes
There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
2024-11-22 11:13 AugustoMauch Type defect => backport
2024-11-22 11:13 AugustoMauch Target Version pi => PR24Q4
2024-11-28 17:50 AugustoMauch Target Version PR24Q4 => PR24Q4.1


Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker