details: /erp/stable/2.50/rev/ce8c13ed21b7
changeset: 9192:ce8c13ed21b7
user: Asier Lostalé <asier.lostale <at> openbravo.com>
date: Wed Feb 09 17:33:28 2011 +0100
summary: fixed bug 15907: Permissions to processes are not respected
diffstat:
src-db/database/sourcedata/AD_REF_LIST.xml | 12 ++++++++++++
src-wad/src/org/openbravo/wad/javasource.javaxml | 23 ++++++++++++++++++++++-
2 files changed, 34 insertions(+), 1 deletions(-)
diffs (76 lines):
diff -r fe47bc58a8ae -r ce8c13ed21b7 src-db/database/sourcedata/AD_REF_LIST.xml
--- a/src-db/database/sourcedata/AD_REF_LIST.xml Wed Feb 09 12:30:53
2011 +0100
+++ b/src-db/database/sourcedata/AD_REF_LIST.xml Wed Feb 09 17:33:28
2011 +0100
@@ -10736,4 +10736,16 @@
<!--FEAB443F9CF94815B0306F85A245AD40--> <SEQNO><![CDATA[1]]></SEQNO>
<!--FEAB443F9CF94815B0306F85A245AD40--></AD_REF_LIST>
+<!--FF8081812E0A7E62012E0A8326F7000C--><AD_REF_LIST>
+<!--FF8081812E0A7E62012E0A8326F7000C-->
<AD_REF_LIST_ID><![CDATA[FF8081812E0A7E62012E0A8326F7000C]]></AD_REF_LIST_ID>
+<!--FF8081812E0A7E62012E0A8326F7000C-->
<AD_CLIENT_ID><![CDATA[0]]></AD_CLIENT_ID>
+<!--FF8081812E0A7E62012E0A8326F7000C--> <AD_ORG_ID><![CDATA[0]]></AD_ORG_ID>
+<!--FF8081812E0A7E62012E0A8326F7000C--> <ISACTIVE><![CDATA[Y]]></ISACTIVE>
+<!--FF8081812E0A7E62012E0A8326F7000C-->
<VALUE><![CDATA[SecuredProcess]]></VALUE>
+<!--FF8081812E0A7E62012E0A8326F7000C--> <NAME><![CDATA[Secured
Process]]></NAME>
+<!--FF8081812E0A7E62012E0A8326F7000C--> <DESCRIPTION><![CDATA[Generated UI
processes called from buttons within tabs can be secured by setting this
property to 'Y'. If this property is not set, they can be executed without
giving explicit access by all roles with access to that window.]]></DESCRIPTION>
+<!--FF8081812E0A7E62012E0A8326F7000C-->
<AD_REFERENCE_ID><![CDATA[A26BA480E2014707B47257024C3CBFF7]]></AD_REFERENCE_ID>
+<!--FF8081812E0A7E62012E0A8326F7000C-->
<AD_MODULE_ID><![CDATA[0]]></AD_MODULE_ID>
+<!--FF8081812E0A7E62012E0A8326F7000C--></AD_REF_LIST>
+
</data>
diff -r fe47bc58a8ae -r ce8c13ed21b7
src-wad/src/org/openbravo/wad/javasource.javaxml
--- a/src-wad/src/org/openbravo/wad/javasource.javaxml Wed Feb 09 12:30:53
2011 +0100
+++ b/src-wad/src/org/openbravo/wad/javasource.javaxml Wed Feb 09 17:33:28
2011 +0100
@@ -12,7 +12,7 @@
* under the License.
* The Original Code is Openbravo ERP.
* The Initial Developer of the Original Code is Openbravo SLU
- * All portions are Copyright (C) 2001-2010 Openbravo SLU
+ * All portions are Copyright (C) 2001-2011 Openbravo SLU
* All Rights Reserved.
* Contributor(s): ______________________________________.
************************************************************************
@@ -67,12 +67,25 @@
ServletException {
VariablesSecureApp vars = new VariablesSecureApp(request);
String command = vars.getCommand();
+
+ boolean securedProcess = false;
if (command.contains("BUTTON")) {
+ try {
+ securedProcess =
"Y".equals(org.openbravo.erpCommon.businessUtility.Preferences
+ .getPreferenceValue("SecuredProcess", true, vars.getClient(),
vars.getOrg(), vars
+ .getUser(), vars.getRole(), windowId));
+ } catch (PropertyException e) {
+ }
+
<FIELDS_TMP id="sectionActionButtonsService">
if (command.contains("<FIELD_TMP
id="ProcessIDsrv">processId</FIELD_TMP>")) {
SessionInfo.setProcessType("P");
SessionInfo.setProcessId("<FIELD_TMP
id="ProcessIDsrv">processId</FIELD_TMP>");
SessionInfo.setModuleId("<FIELD_TMP
id="ProcessModulesrv">moduleId</FIELD_TMP>");
+ if (securedProcess) {
+ classInfo.type = "P";
+ classInfo.id = "<FIELD_TMP id="ProcessIDsrv">processId</FIELD_TMP>";
+ }
}
</FIELDS_TMP>
<FIELDS_TMP id="sectionActionButtonsServiceJava">
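Review bot: The empty `catch (PropertyException e) { }` around the `SecuredProcess` lookup leaves `securedProcess` at `false` whenever the lookup fails, so the request silently falls back to the window-level check (`classInfo.type = "W"` at the end of the method). If the intent is only to treat an undefined preference as "not secured", state that in the catch, e.g. `// preference not defined: keep the window-level access check`. Any other failure should be logged, so that a broken or ambiguous preference cannot relax per-process permissions unnoticed; which failures `PropertyException` covers is not visible here. The `service` method starts before this hunk and continues past it.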
@@ -80,9 +93,17 @@
SessionInfo.setProcessType("P");
SessionInfo.setProcessId("<FIELD_TMP
id="ProcessIDsrvJ">processId</FIELD_TMP>");
SessionInfo.setModuleId("<FIELD_TMP
id="ProcessModulesrvJ">moduleId</FIELD_TMP>");
+ if (securedProcess) {
+ classInfo.type = "P";
+ classInfo.id = "<FIELD_TMP id="ProcessIDsrvJ">processId</FIELD_TMP>";
+ }
}
</FIELDS_TMP>
}
+ if (!securedProcess) {
+ classInfo.type = "W";
+ classInfo.id = windowId;
+ }
super.service(request, response);
}
</PARAMETER_TMP>
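Review bot: When `securedProcess` is true and the command matches none of the generated process branches, nothing in this method assigns `classInfo.type` or `classInfo.id`, because the reset at the end runs only under `if (!securedProcess)`. `super.service(request, response)` then runs with whatever values were already there. If `classInfo` is a field of the servlet instance (its declaration is outside this hunk), those are values left by an earlier request, and concurrent requests could overwrite each other's values before the access check reads them. Consider assigning the window default unconditionally, `classInfo.type = "W"; classInfo.id = windowId;`, before the `if (command.contains("BUTTON"))` block and overriding it only inside a matched branch. It is also worth confirming how the base class reads `classInfo` under concurrent requests.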