details: https://code.openbravo.com/erp/devel/pi/rev/25364ea4dcdc changeset: 23994:25364ea4dcdc user: Asier Lostalé <asier.lostale <at> openbravo.com> date: Mon Jul 14 09:17:23 2014 +0200 summary: fixed bug 27057: can't select value in drop down if role has no access to field entity
Entity access check is done in admin mode, other case it failed if current role had no access to field/column entities details: https://code.openbravo.com/erp/devel/pi/rev/022f33b5b771 changeset: 23995:022f33b5b771 user: Asier LostalĂ© <asier.lostale <at> openbravo.com> date: Mon Jul 14 09:18:03 2014 +0200 summary: related to bug 27057: added test to cover this case diffstat: modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/ComboTableDatasourceService.java | 10 ++--- src-test/org/openbravo/test/datasource/TestComboDatasource.java | 19 ++++++++++ 2 files changed, 23 insertions(+), 6 deletions(-) diffs (55 lines): diff -r 119c05bb76af -r 022f33b5b771 modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/ComboTableDatasourceService.java --- a/modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/ComboTableDatasourceService.java Fri Jul 11 14:37:33 2014 +0200 +++ b/modules/org.openbravo.service.datasource/src/org/openbravo/service/datasource/ComboTableDatasourceService.java Mon Jul 14 09:18:03 2014 +0200 @@ -72,18 +72,16 @@ String filterString = null; int startRow = -1, endRow = -1, num = 0; - ; + + OBContext.setAdminMode(true); try { + // check access to current entity field = OBDal.getInstance().get(Field.class, fieldId); column = field.getColumn(); targetEntity = ModelProvider.getInstance().getEntityByTableId( (String) DalUtil.getId(column.getTable())); OBContext.getOBContext().getEntityAccessChecker().checkReadable(targetEntity); - } catch (Exception e1) { - throw new OBException(e1); - } - OBContext.setAdminMode(true); - try { + if (!StringUtils.isEmpty(parameters.get("criteria"))) { String criteria = parameters.get("criteria"); for (String criterion : criteria.split(JsonConstants.IN_PARAMETER_SEPARATOR)) { diff -r 119c05bb76af -r 022f33b5b771 src-test/org/openbravo/test/datasource/TestComboDatasource.java --- a/src-test/org/openbravo/test/datasource/TestComboDatasource.java Fri Jul 11 14:37:33 2014 +0200 +++ b/src-test/org/openbravo/test/datasource/TestComboDatasource.java Mon Jul 14 09:18:03 2014 +0200 @@ -196,6 +196,25 @@ String.valueOf(JsonConstants.RPCREQUEST_STATUS_VALIDATION_ERROR))); } + /** + * Tests a request to a combo with a role that has no access to field entity. This case was + * failing (see issue #27057) + */ + public void testRequestWithoutFieldAccess() throws Exception { + // Set employee role + changeProfile("D615084948E046E3A439915008F464A6", "192", "E443A31992CB4635AFCAEABE7183CE85", + "B2D40D8A5D644DD89E329DC297309055"); + + // Fetching Price List combo in Requisition window + Map<String, String> params = new HashMap<String, String>(); + params.put("fieldId", "803817"); + params.put("_operationType", "fetch"); + params.put("_startRow", "0"); + params.put("_endRow", "75"); + JSONObject jsonResponse = requestCombo(params); + assertTrue("Combo should have data", getData(jsonResponse).length() > 0); + } + private JSONObject requestCombo(Map<String, String> params) throws Exception { String response = doRequest("/org.openbravo.service.datasource/ComboTableDatasourceService", params, 200, "POST"); ------------------------------------------------------------------------------ Want fast and easy access to all the code in your enterprise? Index and search up to 200,000 lines of code with a free copy of Black Duck® Code Sight™ - the same software that powers the world's largest code search on Ohloh, the Black Duck Open Hub! Try it now. http://p.sf.net/sfu/bds _______________________________________________ Openbravo-commits mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openbravo-commits
