Anonymous | Login
Project:
RSS
  
News | My View | View Issues | Roadmap | Summary

View Issue DetailsJump to Notes ] Issue History ] Print ]
ID
0009979
TypeCategorySeverityReproducibilityDate SubmittedLast Update
defect[Openbravo ERP] C. Securitymajoralways2009-07-21 12:092009-08-18 00:00
ReporternetworkbView Statuspublic 
Assigned Toalostale 
PriorityimmediateResolutionfixedFixed in Versionpi
StatusclosedFix in branchpiFixed in SCM revision53febb6b06a5
ProjectionnoneETAnoneTarget Version
OSAnyDatabaseAnyJava version
OS VersionDatabase versionAnt version
Product Version2.40MP7SCM revision 
Merge Request Status
Review Assigned To
OBNetwork customerOBPS
Web browser
ModulesCore
Support ticket
Regression level
Regression date
Regression introduced in release
Regression introduced by commit
Triggers an Emergency PackNo
Summary

0009979: Linked items show elements in windows where the role has no permission

DescriptionFor example, a role is created only to access to Business Partner window.
A user access the application with this role.
Go to Business Partner, and select an existing one.
Press Linked items, and shows information, for example, about Manual settlement.
This is not correct. It must only show information about those elements that role can navigate.
Steps To Reproduce1)Create a Business partner.
Select as Employee.
Go to Manual Settlement. Create a new one.
In Create payment tab, select the partner in 1). As amount, 1000.
Go to Balance payment, select one GL/Item, and enter 1000 as debit amount.
Process it.
Back to Business partner window. Press linked items. The manual settlement is shown (it is supposed that role can access to Manual Settlement)
-------------------
Create a new role, just to access Business partner window.
Create a new user for this role.
Enter as this user.
Go to Business Partner window. Find the partner created in 1)
Press Linked items. Pop-up shows a link to Manual Settlement, including its amount. This must not happen
TagsNo tags attached.
Attached Files

- Relationships Relation Graph ] Dependency Graph ]
related to defect 00097052.50MP4 closedsathiyan The employees have acces to their payroll 
depends on backport 0009981 closedalostale Linked items show elements in windows where the role has no permission 

-  Notes
(0018479)
rafaroda (viewer)
2009-07-21 12:31

 Asier, can you please take action on this issue?

Thanks.
(0018499)
hgbot (developer)
2009-07-21 17:31

 Repository: erp/devel/pi
Changeset: 53febb6b06a577ec5ea8ff539e27f1edab94a0b9
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Tue Jul 21 17:15:25 2009 +0200
URL: http://code.openbravo.com/erp/devel/pi/rev/53febb6b06a577ec5ea8ff539e27f1edab94a0b9 [^]

fixed bug 0009979: Linked items show elements in windows where the role has no permission

---
M src/org/openbravo/erpCommon/utility/UsedByLink.java
M src/org/openbravo/erpCommon/utility/UsedByLink_data.xsql
---
(0018976)
sureshbabu (viewer)
2009-08-17 14:08

 system throws warning message as Warning: There are non accessible records

- Issue History
Date Modified Username Field Change
2009-07-21 12:09 networkb New Issue
2009-07-21 12:09 networkb Assigned To => rafaroda
2009-07-21 12:09 networkb OBNetwork customer => Yes
2009-07-21 12:31 rafaroda Note Added: 0018479
2009-07-21 12:31 rafaroda Assigned To rafaroda => alostale
2009-07-21 12:41 rafaroda Status new => scheduled
2009-07-21 12:41 rafaroda fix_in_branch => pi
2009-07-21 13:41 rafaroda Relationship added related to 0009705
2009-07-21 17:31 hgbot Checkin
2009-07-21 17:31 hgbot Note Added: 0018499
2009-07-21 17:31 hgbot Status scheduled => resolved
2009-07-21 17:31 hgbot Resolution open => fixed
2009-07-21 17:31 hgbot Fixed in SCM revision => http://code.openbravo.com/erp/devel/pi/rev/53febb6b06a577ec5ea8ff539e27f1edab94a0b9 [^]
2009-08-17 14:08 sureshbabu Status resolved => closed
2009-08-17 14:08 sureshbabu Note Added: 0018976
2009-08-17 14:08 sureshbabu Fixed in Version => pi
2009-08-18 00:00 anonymous sf_bug_id 0 => 2839265

Copyright © 2000 - 2009 MantisBT Group
Powered by Mantis Bugtracker