Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0057769 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| defect | [Openbravo ERP] A. Platform | major | have not tried | 2025-01-28 08:48 | 2025-02-03 11:18 | |||
| Reporter | AugustoMauch | View Status | public | |||||
| Assigned To | AugustoMauch | |||||||
| Priority | normal | Resolution | fixed | Fixed in Version | PR25Q2 | |||
| Status | closed | Fix in branch | Fixed in SCM revision | |||||
| Projection | none | ETA | none | Target Version | ||||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | SCM revision | |||||||
| Merge Request Status | approved | |||||||
| Review Assigned To | ||||||||
| OBNetwork customer | No | |||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Support ticket | ||||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0057769: Entity is not accesible by role, even when the role configuration should allow it | |||||||
| Description | Depending on how other roles are configured, it is possible that an automatic role, that should by default have access to all entities, will miss access to some. | |||||||
| Steps To Reproduce | - Create a role called ManualTest. - Set it as manual - Create an entry in the Window Access subtab. Window: Sales order, Active: false - Create another role called NonManualTest - Make sure Manual=false - Assign it to the usuario de Openbravo - Logout - Login as Openbravo - Change role, use NonManualTest - Open Sales Order. An error will be displayed when rendering rows for the Lines subtab: org.openbravo.base.exception.OBSecurityException: Entity OrderLine is not accessible by this role/user: TestRoleNotAdvanced/Openbravo | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
|||||||||||||||
|
|||||||||||||||
 Relationships |
|
Notes |
|
|
(0174807) hgbot (developer) 2025-01-28 12:17 |
Merge Request created: https://gitlab.com/orisha-group/bu-commerce/openbravo/product/openbravo/-/merge_requests/1514 [^] |
|
(0175042) hgbot (developer) 2025-02-03 11:18 |
Merge request merged: https://gitlab.com/orisha-group/bu-commerce/openbravo/product/openbravo/-/merge_requests/1514 [^] |
|
(0175043) hgbot (developer) 2025-02-03 11:18 |
Directly closing issue as related merge request is already approved. Repository: https://gitlab.com/orisha-group/bu-commerce/openbravo/product/openbravo [^] Changeset: 8fbb1539927d54510869b0740b8168f69ce69424 Author: Augusto Mauch <amauch@orisha.com> Date: 03-02-2025 10:18:17 URL: https://gitlab.com/orisha-group/bu-commerce/openbravo/product/openbravo/-/commit/8fbb1539927d54510869b0740b8168f69ce69424 [^] Fixes ISSUE-57769: Table access for auto role is not properly checked There was a problem in the query that was used to determine if an auto role was explicitly denied access to a given table, in the getAutomaticTableAccess method. The problem was that the query wanted to check that there are no disabled entries in ADWindowAccess for this role, but the role filter was missing in the subquery. As a consequence, if a table was disabled for other roles, the configuration leaked to other auto roles. Also a change was done to getManualTableAccess to avoid granting access to tables, if the isActive property in the header tab is false. --- M src/org/openbravo/dal/security/EntityAccessChecker.java --- |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2025-01-28 08:48 | AugustoMauch | New Issue | |
| 2025-01-28 08:48 | AugustoMauch | Assigned To | => AugustoMauch |
| 2025-01-28 08:48 | AugustoMauch | OBNetwork customer | => No |
| 2025-01-28 08:48 | AugustoMauch | Modules | => Core |
| 2025-01-28 08:48 | AugustoMauch | Triggers an Emergency Pack | => No |
| 2025-01-28 08:50 | AugustoMauch | Status | new => scheduled |
| 2025-01-28 12:17 | hgbot | Merge Request Status | => open |
| 2025-01-28 12:17 | hgbot | Note Added: 0174807 | |
| 2025-01-28 12:47 | ivazquez | Issue Monitored: ivazquez | |
| 2025-01-29 08:46 | hgbot | Merge Request Status | open => approved |
| 2025-02-03 11:18 | hgbot | Resolution | open => fixed |
| 2025-02-03 11:18 | hgbot | Status | scheduled => closed |
| 2025-02-03 11:18 | hgbot | Note Added: 0175042 | |
| 2025-02-03 11:18 | hgbot | Fixed in Version | => PR25Q2 |
| 2025-02-03 11:18 | hgbot | Note Added: 0175043 | |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |