Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0006199 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| defect | [Openbravo ERP] C. Security | major | always | 2008-11-26 02:16 | 2009-04-21 12:39 | |||
| Reporter | eintelau | View Status | public | |||||
| Assigned To | alostale | |||||||
| Priority | urgent | Resolution | fixed | Fixed in Version | pi | |||
| Status | closed | Fix in branch | pi | Fixed in SCM revision | 12666 | |||
| Projection | none | ETA | none | Target Version | ||||
| OS | Any | Database | PostgreSQL | Java version | 1.5 | |||
| OS Version | Database version | 8.3 | Ant version | 1.7 | ||||
| Product Version | 2.40 | SCM revision | 10587 | |||||
| Review Assigned To | ||||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0006199: Role with Organisation access can't fill out many required combos | |||||||
| Description | A Role that just has Organisation access (no Client, no *) is not able to use many forms/reports because the data for required combos is restricted to Organisation=* access (ie the required combos have an empty list of options). This is due to the security review which removed the * org from the #User_Org list. The WAD generated code has been updated to use #AccessibleOrgTree but none of the forms, reports, etc have been updated. I believe this is a significant issue and should be fixed in a 2.40 release as well as trunk. | |||||||
| Steps To Reproduce | Behaviour can be seen in many places. 1)Logon to Openbravo with a Role that just as Org access (e.g. Openbravo User). 2) Go to Financial Management | Accounting | Analysis Tools | General Ledger Report 3) Try to select the Accounting Schema. Dropdown is empty 4) Cannot submit report. or 1)Logon to Openbravo with a Role that just as Org access (e.g. Openbravo User). 2) Go to Business Partner | Location tab 3) Create a new Location 4) Edit the address 5) Cannot select required fields region/country from dropdown 6) Cannot save new address | |||||||
| Proposed Solution | Update all forms/reports/etc to use #AccessibleOrgTree instead of #User_Org in the appropriate places. In particular this means any use of ComboTableData. The attached file contains a patch with modifications for the Openbravo 2.40 and trunk. Given the size of the change I believe it needs review rather than me committing it directly. | |||||||
| Tags | platform1_sprint1 | |||||||
| Attached Files |  AccessibleOrgTree-patch.zip [^] (72,630 bytes) 2008-11-26 02:16 | |||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
||||||||||||||||||||||
|
||||||||||||||||||||||
 Relationships |
|
Notes |
|
|
(0011463) rafaroda (developer) 2008-12-17 09:26 |
Asier, could you please review if this is really a bug and take a look at the patch? Thank you. |
|
(0012936) svnbot (reporter) 2009-01-30 17:40 |
Repository: openbravo Revision: 12571 Author: alostale Date: 2009-01-30 17:40:33 +0100 (Fri, 30 Jan 2009) related to issue 0006199: Fixed org in selectors --- U trunk/src/org/openbravo/erpCommon/info/Account.java U trunk/src/org/openbravo/erpCommon/info/BusinessPartnerMultiple.java U trunk/src/org/openbravo/erpCommon/info/DebtPayment.java U trunk/src/org/openbravo/erpCommon/info/ImageInfo.java U trunk/src/org/openbravo/erpCommon/info/InvoiceLine.java U trunk/src/org/openbravo/erpCommon/info/Location.java U trunk/src/org/openbravo/erpCommon/info/Locator.java U trunk/src/org/openbravo/erpCommon/info/Product.java U trunk/src/org/openbravo/erpCommon/info/ProductComplete.java U trunk/src/org/openbravo/erpCommon/info/ProductMultiple.java U trunk/src/org/openbravo/erpCommon/info/Project.java U trunk/src/org/openbravo/erpCommon/info/SalesOrder.java U trunk/src/org/openbravo/erpCommon/info/SalesOrderLine.java U trunk/src/org/openbravo/erpCommon/info/ShipmentReceipt.java U trunk/src/org/openbravo/erpCommon/info/ShipmentReceiptLine.java --- https://dev.openbravo.com/websvn/openbravo/?rev=12571&sc=1 [^] |
|
(0012983) svnbot (reporter) 2009-02-02 10:13 |
Repository: openbravo Revision: 12632 Author: alostale Date: 2009-02-02 10:13:13 +0100 (Mon, 02 Feb 2009) related to issue 0006199: Fixed org in ad_reports --- U trunk/src/org/openbravo/erpCommon/ad_reports/GeneralAccountingReports.java U trunk/src/org/openbravo/erpCommon/ad_reports/MInOutTraceReports.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportAccountingCountDimensionalAnalyses.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportAgingBalance.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportAnnualCertification.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportBank.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportBankJR.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportBudgetGenerateExcel.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportCash.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportCashFlow.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportCashJR.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportCashflowForecast.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportDebtPayment.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportDebtPaymentTrack.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportExpense.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportGeneralLedger.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportGeneralLedgerJournal.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportGuaranteeDateJR.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportInventory.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceCustomerDimensionalAnalyses.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceCustomerDimensionalAnalysesJR.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceCustomerEdition.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceCustomerJR.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceDiscount.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceDiscountJR.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceVendorDimensionalAnalysesJR.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceVendorJR.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportInvoices.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportInvoicesJR.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportMaterialDimensionalAnalysesJR.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportMaterialTransactionEdition.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportMaterialTransactionEditionJR.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportOffer.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportOrderNotInvoiceJR.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportParetoProduct.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportPendingProductionJr.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportPricelist.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportProductMovement.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportProduction.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportProductionCost.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportProductionJR.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportProductionRunJR.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportProjectBuildingSite.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportProjectBuildingSiteJR.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportProjectProfitabilityJR.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportProjectProgress.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportPurchaseDimensionalAnalysesJR.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportRefundInvoiceCustomerDimensionalAnalyses.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportRefundSalesDimensionalAnalyses.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportSalesDimensionalAnalyzeJR.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportSalesOrderInvoicedJasper.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportSalesOrderJR.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportSalesOrderOpenItem.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportSalesOrderOpenItemJR.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportSalesOrderProvidedJR.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportShipmentDimensionalAnalyzeJR.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportShipmentEditionJR.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportShipper.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportStandardCostJR.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportToInvoiceConsignment.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportToInvoiceConsignmentJR.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportTotalProductTemplate.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportTrialBalance.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportTrialBalanceDetail.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportValuationStock.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportWarehouseControl.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportWarehouseDetailInventoryJR.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportWarehousePartnerJR.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportWorkRequirementDaily.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportWorkRequirementDailyEnv.java U trunk/src/org/openbravo/erpCommon/ad_reports/ReportWorkRequirementJR.java --- https://dev.openbravo.com/websvn/openbravo/?rev=12632&sc=1 [^] |
|
(0012984) svnbot (reporter) 2009-02-02 10:14 |
Repository: openbravo Revision: 12633 Author: alostale Date: 2009-02-02 10:14:32 +0100 (Mon, 02 Feb 2009) related to issue 0006199: fixed or in erpReports --- U trunk/src/org/openbravo/erpReports/RptC_Proposal.java U trunk/src/org/openbravo/erpReports/RptC_ProposalJr.java U trunk/src/org/openbravo/erpReports/RptC_Remittance.java U trunk/src/org/openbravo/erpReports/RptC_RemittanceJR.java U trunk/src/org/openbravo/erpReports/RptC_Settlement.java U trunk/src/org/openbravo/erpReports/RptPromissoryNote.java --- https://dev.openbravo.com/websvn/openbravo/?rev=12633&sc=1 [^] |
|
(0012994) svnbot (reporter) 2009-02-02 10:51 |
Repository: openbravo Revision: 12638 Author: alostale Date: 2009-02-02 10:51:14 +0100 (Mon, 02 Feb 2009) related to issue 0006199: fixed org in callouts --- U trunk/src/org/openbravo/erpCommon/ad_callouts/SE_Invoice_BPartner.java U trunk/src/org/openbravo/erpCommon/ad_callouts/SE_Order_BPartner.java U trunk/src/org/openbravo/erpCommon/ad_callouts/SE_Project_BPartner.java U trunk/src/org/openbravo/erpCommon/ad_callouts/SE_Proposal_BPartner.java U trunk/src/org/openbravo/erpCommon/ad_callouts/SE_Wh_SchedulePeriod.java U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_CreateFromMultiple_Product.java U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_GlobalUse_Product.java U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_InOutLine_Product.java U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_InOut_BPartner.java U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_Internal_Consumption_Product.java U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_Inventory_Product.java U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_Invoice_Product.java U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_Movement_Product.java U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_Order_DocType.java U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_Order_Product.java U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_Payment_Amounts.java U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_Production_Product.java U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_RequisitionLine_Product.java U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_SequenceProduct_Product.java U trunk/src/org/openbravo/erpCommon/ad_callouts/SL_WRPhaseProduct_Product.java --- https://dev.openbravo.com/websvn/openbravo/?rev=12638&sc=1 [^] |
|
(0013012) svnbot (reporter) 2009-02-02 13:45 |
Repository: openbravo Revision: 12655 Author: alostale Date: 2009-02-02 13:45:50 +0100 (Mon, 02 Feb 2009) related to issue 0006199: fixed org in action buttons --- U trunk/src/org/openbravo/erpCommon/ad_actionButton/ActionButtonUtility.java U trunk/src/org/openbravo/erpCommon/ad_actionButton/CreateFile.java U trunk/src/org/openbravo/erpCommon/ad_actionButton/CreateFrom.java U trunk/src/org/openbravo/erpCommon/ad_actionButton/CreateFromMultiple.java U trunk/src/org/openbravo/erpCommon/ad_actionButton/ProjectSetType.java U trunk/src/org/openbravo/erpCommon/ad_actionButton/UpdateMaintenanceScheduled.java --- https://dev.openbravo.com/websvn/openbravo/?rev=12655&sc=1 [^] |
|
(0013015) svnbot (reporter) 2009-02-02 13:58 |
Repository: openbravo Revision: 12660 Author: alostale Date: 2009-02-02 13:57:58 +0100 (Mon, 02 Feb 2009) related to issue 0006199: fixed org in ad process --- U trunk/src/org/openbravo/erpCommon/ad_process/CashBankOperations.java U trunk/src/org/openbravo/erpCommon/ad_process/ChangeOrderOrg.java U trunk/src/org/openbravo/erpCommon/ad_process/CreateTaxReport.java U trunk/src/org/openbravo/erpCommon/ad_process/ExpenseAPInvoice.java U trunk/src/org/openbravo/erpCommon/ad_process/GenerateHelp.java U trunk/src/org/openbravo/erpCommon/ad_process/ImportAccountServlet.java U trunk/src/org/openbravo/erpCommon/ad_process/ImportBudgetServlet.java U trunk/src/org/openbravo/erpCommon/ad_process/PriceListCreateAll.java U trunk/src/org/openbravo/erpCommon/ad_process/SendMailText.java --- https://dev.openbravo.com/websvn/openbravo/?rev=12660&sc=1 [^] |
|
(0013018) svnbot (reporter) 2009-02-02 15:05 |
Repository: openbravo Revision: 12663 Author: alostale Date: 2009-02-02 15:05:03 +0100 (Mon, 02 Feb 2009) related to issue 0006199: fixed org in forms --- U trunk/src/org/openbravo/erpCommon/ad_forms/AlertManagement.java U trunk/src/org/openbravo/erpCommon/ad_forms/FileImport.java U trunk/src/org/openbravo/erpCommon/ad_forms/InitialClientSetup.java U trunk/src/org/openbravo/erpCommon/ad_forms/InitialOrgSetup.java U trunk/src/org/openbravo/erpCommon/ad_forms/InvoiceVendorMultiline.java U trunk/src/org/openbravo/erpCommon/ad_forms/InvoiceVendorMultiline_Lines.java U trunk/src/org/openbravo/erpCommon/ad_forms/ModuleManagement.java U trunk/src/org/openbravo/erpCommon/ad_forms/RequisitionToOrder.java U trunk/src/org/openbravo/erpCommon/ad_forms/ShowSessionPreferences.java U trunk/src/org/openbravo/erpCommon/ad_process/CreateAccountingReport.java --- https://dev.openbravo.com/websvn/openbravo/?rev=12663&sc=1 [^] |
|
(0013022) svnbot (reporter) 2009-02-02 15:21 |
Repository: openbravo Revision: 12666 Author: alostale Date: 2009-02-02 15:21:15 +0100 (Mon, 02 Feb 2009) related to issue 0006199: fixed org in others --- U trunk/src/org/openbravo/erpCommon/ad_workflow/WorkflowControl.java U trunk/src/org/openbravo/erpCommon/businessUtility/Buscador.java U trunk/src/org/openbravo/erpCommon/businessUtility/TabAttachments.java U trunk/src/org/openbravo/erpCommon/utility/Utility.java U trunk/src/org/openbravo/erpCommon/utility/VerticalMenu.java --- https://dev.openbravo.com/websvn/openbravo/?rev=12666&sc=1 [^] |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2008-11-26 02:16 | eintelau | New Issue | |
| 2008-11-26 02:16 | eintelau | Assigned To | => rafaroda |
| 2008-11-26 02:16 | eintelau | sf_bug_id | 0 => 2347559 |
| 2008-11-26 02:16 | eintelau | File Added: AccessibleOrgTree-patch.zip | |
| 2008-12-02 23:40 | eintelau | Issue Monitored: eintelau | |
| 2008-12-03 19:03 | pjuvara | Priority | normal => high |
| 2008-12-09 13:41 | pheenan | Assigned To | rafaroda => pheenan |
| 2008-12-17 09:26 | rafaroda | Note Added: 0011463 | |
| 2008-12-17 09:26 | rafaroda | Assigned To | pheenan => alostale |
| 2008-12-17 09:26 | rafaroda | Status | new => acknowledged |
| 2008-12-17 11:02 | alostale | Tag Attached: platform1_sprint1 | |
| 2009-01-09 11:32 | psarobe | Priority | high => urgent |
| 2009-01-09 11:32 | psarobe | Status | acknowledged => scheduled |
| 2009-01-09 11:32 | psarobe | fix_in_branch | => trunk |
| 2009-01-30 17:40 | svnbot | Checkin | |
| 2009-01-30 17:40 | svnbot | Note Added: 0012936 | |
| 2009-01-30 17:40 | svnbot | svn_revision | => 12571 |
| 2009-02-02 10:13 | svnbot | Checkin | |
| 2009-02-02 10:13 | svnbot | Note Added: 0012983 | |
| 2009-02-02 10:13 | svnbot | svn_revision | 12571 => 12632 |
| 2009-02-02 10:14 | svnbot | Checkin | |
| 2009-02-02 10:14 | svnbot | Note Added: 0012984 | |
| 2009-02-02 10:14 | svnbot | svn_revision | 12632 => 12633 |
| 2009-02-02 10:51 | svnbot | Checkin | |
| 2009-02-02 10:51 | svnbot | Note Added: 0012994 | |
| 2009-02-02 10:51 | svnbot | svn_revision | 12633 => 12638 |
| 2009-02-02 13:45 | svnbot | Checkin | |
| 2009-02-02 13:45 | svnbot | Note Added: 0013012 | |
| 2009-02-02 13:45 | svnbot | svn_revision | 12638 => 12655 |
| 2009-02-02 13:58 | svnbot | Checkin | |
| 2009-02-02 13:58 | svnbot | Note Added: 0013015 | |
| 2009-02-02 13:58 | svnbot | svn_revision | 12655 => 12660 |
| 2009-02-02 15:05 | svnbot | Checkin | |
| 2009-02-02 15:05 | svnbot | Note Added: 0013018 | |
| 2009-02-02 15:05 | svnbot | svn_revision | 12660 => 12663 |
| 2009-02-02 15:21 | svnbot | Checkin | |
| 2009-02-02 15:21 | svnbot | Note Added: 0013022 | |
| 2009-02-02 15:21 | svnbot | svn_revision | 12663 => 12666 |
| 2009-02-02 17:05 | alostale | Status | scheduled => resolved |
| 2009-02-02 17:05 | alostale | Fixed in Version | => trunk |
| 2009-02-02 17:05 | alostale | Resolution | open => fixed |
| 2009-04-21 02:53 | eintelau | Issue End Monitor: eintelau | |
| 2009-04-21 12:39 | psarobe | Status | resolved => closed |
| 2009-05-26 14:08 | vmromanos | Relationship added | related to 0009183 |
| 2014-10-22 18:52 | vmromanos | Relationship added | causes 0027953 |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |