View Issue Details
ID | 0057255
Type | Category | Severity | Reproducibility | Date Submitted | Last Update
backport | [Openbravo ERP] C. Security | major | always | 2024-10-03 09:07 | 2025-03-03 12:32
Reporter | eduardo_Argal | View Status | public
Assigned To | Triage Platform Base
Priority | immediate | Resolution | open | Fixed in Version |
Status | new | Fix in branch | Fixed in SCM revision | e5fb01a0a2ae
Projection | none | ETA | none | Target Version | PR24Q4.2
OS | Any | Database | Any | Java version |
OS Version | Database version | Ant version |
Product Version | pi | SCM revision |
Merge Request Status | approved
Review Assigned To |
OBNetwork customer | No
Web browser |
Modules | Core
Support ticket |
Regression level | Production - Confirmed Stable
Regression date |
Regression introduced in release |
Regression introduced by commit |
Triggers an Emergency Pack | No
Summary | 0057255: A user with a not Manual role can access, edit and create transactions in any organization
Description | A user with a not Manual role can access, edit and create transactions in any organization even if the organization access is limited to one store.
Steps To Reproduce |
1) Log in as Orhi Store User
2) Go to Purchase Order Window
3) Create a new record
4) Mind that the organization combo displays the full list of organizations when it should just display the organizations defined in the Org Access tab for his/her role
5) Change the configuration for the role to Manual
6) Repeat the steps and mind that now the organization combo works properly
Proposed Solution |
Check previous behavior:
- How is the org access provided? Only on role creation? On update as well?
Check workaround:
- Ensure that disabling the role_org record works as expected
Tags | No tags attached.
Attached Files |
(0176005) AugustoMauch (administrator) 2025-02-21 09:12
Directly closing issue as related merge request is already approved.

Repository: https://gitlab.com/orisha-group/bu-commerce/openbravo/product/openbravo
Changeset: e5fb01a0a2ae195cb818f478e91b40024ae03f72
Author: Augusto Mauch <amauch@orisha.com>
Date: 21-02-2025 09:11:16
URL: https://gitlab.com/orisha-group/bu-commerce/openbravo/product/openbravo/-/commit/e5fb01a0a2ae195cb818f478e91b40024ae03f72

Fixes ISSUE-56631: Automatic role should only get auto write access to 0

Auto roles should get automatic read access to all orgs by default, but only to write access to 0
---
M referencedata/sampledata/F_B_International_Group/AD_ROLE_ORGACCESS.xml
M src/org/openbravo/base/secureApp/LoginUtils.java
M src/org/openbravo/dal/core/OBContext.java

(0176006) AugustoMauch (administrator) 2025-02-21 09:12
https://gitlab.com/orisha-group/bu-commerce/openbravo/product/openbravo/-/merge_requests/1549

(0176191) hgbot (developer) 2025-02-27 09:17
Merge Request created: https://gitlab.com/orisha-group/bu-commerce/openbravo/product/openbravo/-/merge_requests/1561

(0176193) hgbot (developer) 2025-02-27 09:20
Merge request merged: https://gitlab.com/orisha-group/bu-commerce/openbravo/product/openbravo/-/merge_requests/1561
Date Modified | Username | Field | Change |
2024-11-22 11:13 | AugustoMauch | Type | defect => backport |
2024-11-22 11:13 | AugustoMauch | Target Version | pi => PR24Q4 |
2024-11-28 17:50 | AugustoMauch | Target Version | PR24Q4 => PR24Q4.1 |
2025-02-21 09:12 | AugustoMauch | Note Added: 0176005 | |
2025-02-21 09:12 | AugustoMauch | Note Added: 0176006 | |
2025-02-21 09:12 | AugustoMauch | Status | scheduled => resolved |
2025-02-21 09:12 | AugustoMauch | Fixed in SCM revision | => https://gitlab.com/orisha-group/bu-commerce/openbravo/product/openbravo/-/commit/e5fb01a0a2ae195cb818f478e91b40024ae03f72 |
2025-02-21 09:12 | AugustoMauch | Resolution | open => fixed |
2025-02-21 09:12 | AugustoMauch | Status | resolved => closed |
2025-02-27 09:17 | hgbot | Merge Request Status | => open |
2025-02-27 09:17 | hgbot | Note Added: 0176191 | |
2025-02-27 09:19 | hgbot | Merge Request Status | open => approved |
2025-02-27 09:20 | hgbot | Note Added: 0176193 | |
2025-02-27 09:21 | AugustoMauch | Status | closed => new |
2025-02-27 09:21 | AugustoMauch | Resolution | fixed => open |
2025-03-03 12:32 | AugustoMauch | Target Version | PR24Q4.1 => PR24Q4.2 |