Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0009981 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| backport | [Openbravo ERP] C. Security | major | always | 2009-07-21 12:09 | 2009-07-22 12:28 | |||
| Reporter | networkb | View Status | public | |||||
| Assigned To | alostale | |||||||
| Priority | immediate | Resolution | fixed | Fixed in Version | 2.40MP8 | |||
| Status | closed | Fix in branch | 2.40 | Fixed in SCM revision | 01efdf924dc1 | |||
| Projection | none | ETA | none | Target Version | ||||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | 2.40MP7 | SCM revision | ||||||
| Review Assigned To | ||||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0009981: Linked items show elements in windows where the role has no permission | |||||||
| Description | For example, a role is created only to access to Business Partner window. A user access the application with this role. Go to Business Partner, and select an existing one. Press Linked items, and shows information, for example, about Manual settlement. This is not correct. It must only show information about those elements that role can navigate. | |||||||
| Steps To Reproduce | 1)Create a Business partner. Select as Employee. Go to Manual Settlement. Create a new one. In Create payment tab, select the partner in 1). As amount, 1000. Go to Balance payment, select one GL/Item, and enter 1000 as debit amount. Process it. Back to Business partner window. Press linked items. The manual settlement is shown (it is supposed that role can access to Manual Settlement) ------------------- Create a new role, just to access Business partner window. Create a new user for this role. Enter as this user. Go to Business Partner window. Find the partner created in 1) Press Linked items. Pop-up shows a link to Manual Settlement, including its amount. This must not happen | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
|||||||||||||||
|
|||||||||||||||
 Relationships |
|
Notes |
|
|
(0018504) hgbot (developer) 2009-07-21 17:42 |
Repository: erp/stable/2.40 Changeset: 01efdf924dc1b13f52370daf42f465d6d57fa1ca Author: Asier Lostalé <asier.lostale <at> openbravo.com> Date: Tue Jul 21 17:42:10 2009 +0200 URL: http://code.openbravo.com/erp/stable/2.40/rev/01efdf924dc1b13f52370daf42f465d6d57fa1ca [^] fixed bug 0009981: Linked items show elements in windows where the role has no permission --- M src/org/openbravo/erpCommon/utility/UsedByLink.java M src/org/openbravo/erpCommon/utility/UsedByLink_data.xsql --- |
|
(0018548) sureshbabu (reporter) 2009-07-22 12:28 |
Tested working fine |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2009-07-21 12:41 | rafaroda | Type | defect => backport |
| 2009-07-21 12:41 | rafaroda | fix_in_branch | => 2.40 |
| 2009-07-21 13:40 | rafaroda | Relationship added | related to 0009950 |
| 2009-07-21 17:42 | hgbot | Checkin | |
| 2009-07-21 17:42 | hgbot | Note Added: 0018504 | |
| 2009-07-21 17:42 | hgbot | Status | scheduled => resolved |
| 2009-07-21 17:42 | hgbot | Resolution | open => fixed |
| 2009-07-21 17:42 | hgbot | Fixed in SCM revision | => http://code.openbravo.com/erp/stable/2.40/rev/01efdf924dc1b13f52370daf42f465d6d57fa1ca [^] |
| 2009-07-22 12:28 | sureshbabu | Status | resolved => closed |
| 2009-07-22 12:28 | sureshbabu | Note Added: 0018548 | |
| 2009-07-22 12:28 | sureshbabu | Fixed in Version | => 2.40MP8 |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |