Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0006813 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| backport | [Openbravo ERP] C. Security | major | always | 2008-11-26 02:16 | 2009-03-04 17:51 | |||
| Reporter | eintelau | View Status | public | |||||
| Assigned To | alostale | |||||||
| Priority | urgent | Resolution | fixed | Fixed in Version | 2.40MP3 | |||
| Status | closed | Fix in branch | 2.40 | Fixed in SCM revision | 12676 | |||
| Projection | none | ETA | none | Target Version | ||||
| OS | Any | Database | PostgreSQL | Java version | 1.5 | |||
| OS Version | Database version | 8.3 | Ant version | 1.7 | ||||
| Product Version | 2.40 | SCM revision | 10587 | |||||
| Review Assigned To | ||||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0006813: Role with Organisation access can't fill out many required combos | |||||||
| Description | A Role that just has Organisation access (no Client, no *) is not able to use many forms/reports because the data for required combos is restricted to Organisation=* access (ie the required combos have an empty list of options). This is due to the security review which removed the * org from the #User_Org list. The WAD generated code has been updated to use #AccessibleOrgTree but none of the forms, reports, etc have been updated. I believe this is a significant issue and should be fixed in a 2.40 release as well as trunk. | |||||||
| Steps To Reproduce | Behaviour can be seen in many places. 1)Logon to Openbravo with a Role that just as Org access (e.g. Openbravo User). 2) Go to Financial Management | Accounting | Analysis Tools | General Ledger Report 3) Try to select the Accounting Schema. Dropdown is empty 4) Cannot submit report. or 1)Logon to Openbravo with a Role that just as Org access (e.g. Openbravo User). 2) Go to Business Partner | Location tab 3) Create a new Location 4) Edit the address 5) Cannot select required fields region/country from dropdown 6) Cannot save new address | |||||||
| Proposed Solution | Update all forms/reports/etc to use #AccessibleOrgTree instead of #User_Org in the appropriate places. In particular this means any use of ComboTableData. The attached file contains a patch with modifications for the Openbravo 2.40 and trunk. Given the size of the change I believe it needs review rather than me committing it directly. | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
||||||||
|
||||||||
 Relationships |
|
Notes |
|
|
(0012978) svnbot (reporter) 2009-02-02 09:57 |
Repository: openbravo Revision: 12630 Author: alostale Date: 2009-02-02 09:57:28 +0100 (Mon, 02 Feb 2009) Related to issue 0006813: Fixed accessible org tree for ad_reports --- U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ABCbPartner.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ABCproduct.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/GeneralAccountingReports.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/MInOutTraceReports.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportAccountingCountDimensionalAnalyses.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportAgingBalance.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportAnnualCertification.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportBank.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportBankJR.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportBudgetGenerateExcel.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportCash.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportCashFlow.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportCashJR.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportCashflowForecast.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportDebtPayment.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportDebtPaymentTrack.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportExpense.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportGeneralLedger.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportGeneralLedgerJournal.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportGuaranteeDateJR.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportInventory.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceCustomerDimensionalAnalyses.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceCustomerDimensionalAnalysesJR.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceCustomerEdition.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceCustomerJR.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceDiscount.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceDiscountJR.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceVendorDimensionalAnalysesJR.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportInvoiceVendorJR.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportInvoices.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportInvoicesJR.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportMaterialDimensionalAnalysesJR.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportMaterialTransactionEdition.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportMaterialTransactionEditionJR.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportOffer.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportOrderNotInvoiceJR.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportParetoProduct.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportPendingProductionJr.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportPricelist.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportProductMovement.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportProduction.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportProductionCost.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportProductionJR.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportProductionRunJR.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportProjectBuildingSite.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportProjectBuildingSiteJR.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportProjectProfitabilityJR.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportPurchaseDimensionalAnalysesJR.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportRefundInvoiceCustomerDimensionalAnalyses.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportRefundSalesDimensionalAnalyses.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportSalesDimensionalAnalyzeJR.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportSalesOrderInvoicedJasper.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportSalesOrderJR.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportSalesOrderOpenItem.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportSalesOrderOpenItemJR.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportSalesOrderProvidedJR.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportShipmentDimensionalAnalyzeJR.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportShipmentEditionJR.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportShipper.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportStandardCostJR.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportToInvoiceConsignment.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportToInvoiceConsignmentJR.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportTotalProductTemplate.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportTrialBalance.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportTrialBalanceDetail.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportValuationStock.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportWarehouseControl.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportWarehouseDetailInventoryJR.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportWarehousePartnerJR.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportWorkRequirementDaily.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportWorkRequirementDailyEnv.java U branches/r2.40/src/org/openbravo/erpCommon/ad_reports/ReportWorkRequirementJR.java --- https://dev.openbravo.com/websvn/openbravo/?rev=12630&sc=1 [^] |
|
(0012979) svnbot (reporter) 2009-02-02 10:00 |
Repository: openbravo Revision: 12631 Author: alostale Date: 2009-02-02 10:00:18 +0100 (Mon, 02 Feb 2009) Related to issue 0006813: Fixed accessible org tree for erpReports --- U branches/r2.40/src/org/openbravo/erpReports/RptC_Proposal.java U branches/r2.40/src/org/openbravo/erpReports/RptC_ProposalJr.java U branches/r2.40/src/org/openbravo/erpReports/RptC_Remittance.java U branches/r2.40/src/org/openbravo/erpReports/RptC_Settlement.java U branches/r2.40/src/org/openbravo/erpReports/RptPromissoryNote.java --- https://dev.openbravo.com/websvn/openbravo/?rev=12631&sc=1 [^] |
|
(0012992) svnbot (reporter) 2009-02-02 10:49 |
Repository: openbravo Revision: 12636 Author: alostale Date: 2009-02-02 10:49:24 +0100 (Mon, 02 Feb 2009) Related to issue 0006813: fixed org in callouts --- U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SE_Invoice_BPartner.java U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SE_Order_BPartner.java U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SE_Project_BPartner.java U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SE_Proposal_BPartner.java U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SE_Wh_SchedulePeriod.java U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SL_CreateFromMultiple_Product.java U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SL_GlobalUse_Product.java U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SL_InOutLine_Product.java U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SL_InOut_BPartner.java U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SL_Internal_Consumption_Product.java U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SL_Inventory_Product.java U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SL_Invoice_Product.java U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SL_Movement_Product.java U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SL_Order_DocType.java U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SL_Order_Product.java U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SL_Payment_Amounts.java U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SL_Production_Product.java U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SL_RequisitionLine_Product.java U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SL_SequenceProduct_Product.java U branches/r2.40/src/org/openbravo/erpCommon/ad_callouts/SL_WRPhaseProduct_Product.java U branches/r2.40/src/org/openbravo/erpReports/RptC_RemittanceJR.java --- https://dev.openbravo.com/websvn/openbravo/?rev=12636&sc=1 [^] |
|
(0013011) svnbot (reporter) 2009-02-02 13:44 |
Repository: openbravo Revision: 12654 Author: alostale Date: 2009-02-02 13:44:57 +0100 (Mon, 02 Feb 2009) related to issue 0006813: Fixed org in action buttons --- U branches/r2.40/src/org/openbravo/erpCommon/ad_actionButton/ActionButtonUtility.java U branches/r2.40/src/org/openbravo/erpCommon/ad_actionButton/CreateFile.java U branches/r2.40/src/org/openbravo/erpCommon/ad_actionButton/CreateFrom.java U branches/r2.40/src/org/openbravo/erpCommon/ad_actionButton/CreateFromMultiple.java U branches/r2.40/src/org/openbravo/erpCommon/ad_actionButton/ProjectSetType.java U branches/r2.40/src/org/openbravo/erpCommon/ad_actionButton/UpdateMaintenanceScheduled.java --- https://dev.openbravo.com/websvn/openbravo/?rev=12654&sc=1 [^] |
|
(0013014) svnbot (reporter) 2009-02-02 13:57 |
Repository: openbravo Revision: 12659 Author: alostale Date: 2009-02-02 13:57:49 +0100 (Mon, 02 Feb 2009) related to issue 0006813: Fixed org in ad process --- U branches/r2.40/src/org/openbravo/erpCommon/ad_process/CashBankOperations.java U branches/r2.40/src/org/openbravo/erpCommon/ad_process/ChangeOrderOrg.java U branches/r2.40/src/org/openbravo/erpCommon/ad_process/CreateAccountingReport.java U branches/r2.40/src/org/openbravo/erpCommon/ad_process/GenerateHelp.java U branches/r2.40/src/org/openbravo/erpCommon/ad_process/ImportAccountServlet.java U branches/r2.40/src/org/openbravo/erpCommon/ad_process/ImportBudgetServlet.java U branches/r2.40/src/org/openbravo/erpCommon/ad_process/PriceListCreateAll.java U branches/r2.40/src/org/openbravo/erpCommon/ad_process/SendMailText.java --- https://dev.openbravo.com/websvn/openbravo/?rev=12659&sc=1 [^] |
|
(0013017) svnbot (reporter) 2009-02-02 15:04 |
Repository: openbravo Revision: 12662 Author: alostale Date: 2009-02-02 15:04:56 +0100 (Mon, 02 Feb 2009) related to issue 0006813: Fixed org in forms --- U branches/r2.40/src/org/openbravo/erpCommon/ad_forms/AlertManagement.java U branches/r2.40/src/org/openbravo/erpCommon/ad_forms/CallAcctServer.java U branches/r2.40/src/org/openbravo/erpCommon/ad_forms/FileImport.java U branches/r2.40/src/org/openbravo/erpCommon/ad_forms/InitialClientSetup.java U branches/r2.40/src/org/openbravo/erpCommon/ad_forms/InvoiceVendorMultiline.java U branches/r2.40/src/org/openbravo/erpCommon/ad_forms/InvoiceVendorMultiline_Lines.java U branches/r2.40/src/org/openbravo/erpCommon/ad_forms/RequisitionToOrder.java U branches/r2.40/src/org/openbravo/erpCommon/ad_forms/ShowSessionPreferences.java --- https://dev.openbravo.com/websvn/openbravo/?rev=12662&sc=1 [^] |
|
(0013021) svnbot (reporter) 2009-02-02 15:21 |
Repository: openbravo Revision: 12665 Author: alostale Date: 2009-02-02 15:21:02 +0100 (Mon, 02 Feb 2009) related to issue 0006813: Fixed org in others --- U branches/r2.40/src/org/openbravo/erpCommon/ad_workflow/WorkflowControl.java U branches/r2.40/src/org/openbravo/erpCommon/businessUtility/Buscador.java U branches/r2.40/src/org/openbravo/erpCommon/businessUtility/TabAttachments.java U branches/r2.40/src/org/openbravo/erpCommon/utility/VerticalMenu.java --- https://dev.openbravo.com/websvn/openbravo/?rev=12665&sc=1 [^] |
|
(0013026) svnbot (reporter) 2009-02-02 16:52 |
Repository: openbravo Revision: 12676 Author: alostale Date: 2009-02-02 16:52:07 +0100 (Mon, 02 Feb 2009) related to issue 0006813: Fixed org in selectors --- U branches/r2.40/src/org/openbravo/erpCommon/info/BusinessPartnerMultiple.java U branches/r2.40/src/org/openbravo/erpCommon/info/DebtPayment.java U branches/r2.40/src/org/openbravo/erpCommon/info/ImageInfo.java U branches/r2.40/src/org/openbravo/erpCommon/info/InvoiceLine.java U branches/r2.40/src/org/openbravo/erpCommon/info/Locator.java U branches/r2.40/src/org/openbravo/erpCommon/info/Product.java U branches/r2.40/src/org/openbravo/erpCommon/info/ProductComplete.java U branches/r2.40/src/org/openbravo/erpCommon/info/ProductMultiple.java U branches/r2.40/src/org/openbravo/erpCommon/info/Project.java U branches/r2.40/src/org/openbravo/erpCommon/info/SalesOrder.java U branches/r2.40/src/org/openbravo/erpCommon/info/SalesOrderLine.java U branches/r2.40/src/org/openbravo/erpCommon/info/ShipmentReceipt.java U branches/r2.40/src/org/openbravo/erpCommon/info/ShipmentReceiptLine.java --- https://dev.openbravo.com/websvn/openbravo/?rev=12676&sc=1 [^] |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2009-01-09 11:32 | psarobe | Type | defect => backport |
| 2009-01-09 11:32 | psarobe | fix_in_branch | => 2.40 |
| 2009-02-02 09:57 | svnbot | Checkin | |
| 2009-02-02 09:57 | svnbot | Note Added: 0012978 | |
| 2009-02-02 09:57 | svnbot | svn_revision | => 12630 |
| 2009-02-02 10:00 | svnbot | Checkin | |
| 2009-02-02 10:00 | svnbot | Note Added: 0012979 | |
| 2009-02-02 10:00 | svnbot | svn_revision | 12630 => 12631 |
| 2009-02-02 10:49 | svnbot | Checkin | |
| 2009-02-02 10:49 | svnbot | Note Added: 0012992 | |
| 2009-02-02 10:49 | svnbot | svn_revision | 12631 => 12636 |
| 2009-02-02 13:44 | svnbot | Checkin | |
| 2009-02-02 13:44 | svnbot | Note Added: 0013011 | |
| 2009-02-02 13:44 | svnbot | svn_revision | 12636 => 12654 |
| 2009-02-02 13:57 | svnbot | Checkin | |
| 2009-02-02 13:57 | svnbot | Note Added: 0013014 | |
| 2009-02-02 13:57 | svnbot | svn_revision | 12654 => 12659 |
| 2009-02-02 15:04 | svnbot | Checkin | |
| 2009-02-02 15:04 | svnbot | Note Added: 0013017 | |
| 2009-02-02 15:04 | svnbot | svn_revision | 12659 => 12662 |
| 2009-02-02 15:21 | svnbot | Checkin | |
| 2009-02-02 15:21 | svnbot | Note Added: 0013021 | |
| 2009-02-02 15:21 | svnbot | svn_revision | 12662 => 12665 |
| 2009-02-02 16:52 | svnbot | Checkin | |
| 2009-02-02 16:52 | svnbot | Note Added: 0013026 | |
| 2009-02-02 16:52 | svnbot | svn_revision | 12665 => 12676 |
| 2009-02-02 17:05 | alostale | Status | scheduled => resolved |
| 2009-02-02 17:05 | alostale | Fixed in Version | => 2.40 |
| 2009-02-02 17:05 | alostale | Resolution | open => fixed |
| 2009-03-03 17:32 | psarobe | Fixed in Version | 2.40 => 2.40MP3 |
| 2009-03-04 17:51 | psarobe | Regression testing | => No |
| 2009-03-04 17:51 | psarobe | Status | resolved => closed |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |