Project:
View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||||||
ID | ||||||||||||
0057255 | ||||||||||||
Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||||||
backport | [Openbravo ERP] C. Security | major | always | 2024-10-03 09:07 | 2024-11-28 17:50 | |||||||
Reporter | eduardo_Argal | View Status | public | |||||||||
Assigned To | Triage Platform Base | |||||||||||
Priority | immediate | Resolution | open | Fixed in Version | ||||||||
Status | scheduled | Fix in branch | Fixed in SCM revision | |||||||||
Projection | none | ETA | none | Target Version | PR24Q4.1 | |||||||
OS | Any | Database | Any | Java version | ||||||||
OS Version | Database version | Ant version | ||||||||||
Product Version | pi | SCM revision | ||||||||||
Review Assigned To | ||||||||||||
Web browser | ||||||||||||
Modules | Core | |||||||||||
Regression level | Production - Confirmed Stable | |||||||||||
Regression date | ||||||||||||
Regression introduced in release | ||||||||||||
Regression introduced by commit | ||||||||||||
Triggers an Emergency Pack | No | |||||||||||
Summary | 0057255: A user with a not Manual role can access, edit and create transactions in any organization | |||||||||||
Description | A user with a not Manual role can access, edit and create transactions in any organization even if the organization access is limited to one store. | |||||||||||
Steps To Reproduce | 1) Log as Orhi Store User 2) Go to Purchase Order Window 3) Create a new record 4) Mind that the organization combo displays the full list of organization when it should just display the organizations defined in the Org Access tab for his/her role 5) change the configuration for the role to Manual 6) Repeat the steps and mind that now the organizatiuon combo works properly | |||||||||||
Proposed Solution | Check previous behavior: - How is the org access provided? Only on role creation? On update as well? Check workaround: - Ensure that disabling the role_org record works as expected | |||||||||||
Tags | No tags attached. | |||||||||||
Attached Files | ||||||||||||
Relationships [ Relation Graph ] [ Dependency Graph ] | ||||||||
|
Issue History | |||
Date Modified | Username | Field | Change |
2024-11-22 11:13 | AugustoMauch | Type | defect => backport |
2024-11-22 11:13 | AugustoMauch | Target Version | pi => PR24Q4 |
2024-11-28 17:50 | AugustoMauch | Target Version | PR24Q4 => PR24Q4.1 |
Copyright © 2000 - 2009 MantisBT Group |