[jira] [Commented] (OFBIZ-7246) Workeffort : Arrange UI labels in alphabetic order
[ https://issues.apache.org/jira/browse/OFBIZ-7246?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16610120#comment-16610120 ] Deepak Dixit commented on OFBIZ-7246: - Hi Suraj, It'd be good if you mention what minor changes you did in patch. It will help while review. > Workeffort : Arrange UI labels in alphabetic order > -- > > Key: OFBIZ-7246 > URL: https://issues.apache.org/jira/browse/OFBIZ-7246 > Project: OFBiz > Issue Type: Sub-task > Components: workeffort >Affects Versions: Trunk >Reporter: Shivangi Tanwar >Assignee: Suraj Khurana >Priority: Minor > Attachments: OFBIZ-7246.patch, OFBIZ-7246_trunk.patch > > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Closed] (OFBIZ-10556) Session gets expired : For FO PDF Download
[ https://issues.apache.org/jira/browse/OFBIZ-10556?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Deepak Dixit closed OFBIZ-10556. Resolution: Not A Problem Assignee: Deepak Dixit This is not related to ofbiz, if you start/restart server tomact by default destroy all session. Please ask question on dev mailing list. http://ofbiz.apache.org/mailing-lists.html > Session gets expired : For FO PDF Download > -- > > Key: OFBIZ-10556 > URL: https://issues.apache.org/jira/browse/OFBIZ-10556 > Project: OFBiz > Issue Type: Bug > Components: ALL COMPONENTS >Affects Versions: Release Branch 16.11 >Reporter: Murugeswari >Assignee: Deepak Dixit >Priority: Critical > > When we downloading PDF and accessing cross module session gets expired and > rendering login page again. For example I am downloading Order FO PDF file > and accessing accounting or catalog module session getting expired. This is > not happen everytime but for the first time when server is started or > restarted. > Please help me to fix this issue. > > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (OFBIZ-10518) Inventory (Supply) Allocation Planning
[ https://issues.apache.org/jira/browse/OFBIZ-10518?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Deepak Nigam updated OFBIZ-10518: - Attachment: OFBiz-10518-Supply-Allocation-Plan.patch > Inventory (Supply) Allocation Planning > -- > > Key: OFBIZ-10518 > URL: https://issues.apache.org/jira/browse/OFBIZ-10518 > Project: OFBiz > Issue Type: New Feature > Components: order, product >Reporter: Deepak Nigam >Assignee: Deepak Nigam >Priority: Major > Fix For: Trunk > > Attachments: CreateAllocationPlan-Step1.png, > CreateAllocationPlan-Step2.png, EditAllocationPlan.png, > FindAllocationPlan.png, OFBiz-10518-Supply-Allocation-Plan.patch, > ViewAllocationPlan.png > > > In the current implementation of inventory reservation flow, inventory gets > reserved for the order based on the reservation algorithm (FIFO, LIFO etc). > Many times, the fulfilment cycle of the order is too long or due to some > unexpected circumstances, the order holds the inventory for a long time. In > such scenarios, inventory availability becomes one of the major bottlenecks > in fulfilling the other sales order and businesses often remains short > supplied against the demand. > > We can provide a feature (Create, Find and Edit supply allocation screen) to > allocate the available and any future supply judiciously amongst existing > customers orders by considering different factors like estimated delivery > dates, order priority, customer preference etc. > > Following are the details design notes for the same: > > An order in the approved status will be considered as ‘Eligible for > Allocation’. The proposed supply allocation planning will have the following > set of features: > > *Create Allocation Plan:* > The authorized user will be able to initiate the process by setting the > desired product. > > *View/Edit Allocation Plan:* > 1) The system would search and list all the order lines which are eligible > for allocation for that particular product. > 2) The user can filter and sort the orders by various parameters like Sale > Channel, Customer, Order Id, Estimated Ship Date etc. > 3) The user can then prioritize the order by moving up or down the given > order in the priority ranking. Higher is the order in display result list, > higher will be the priority it would get during reservations. > 4) The user can set the ‘Allocated Quantity’ against ordered quantity at > order item line level. > 5) Once the Allocation Plan is submitted, the system would auto-assign the > priority and set the allocated quantity for each of the submitted orders to > be honoured during order reservations at any point in time. > 7) Incoming shipments would be reserved by honouring the same allocation plan > during order promising cycle. > 8) After allocating supply as per the allocation plan, any excess stock > should be reserved based on the standard FIFO method. > 9) If any of the items of an order is not planned via the Allocation Plan, > then also it should be reserved based on default FIFO criteria. > 10) The allocation for all the sales orders should be allowed for revision > unless the Shipment Plan is created against them. > > *Find Allocation Plan:* > The authorized user can search allocation plan(s) with filters like Plan Id, > Order Id, Product Id, Plan Method, Status etc. > > > > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (OFBIZ-10518) Inventory (Supply) Allocation Planning
[ https://issues.apache.org/jira/browse/OFBIZ-10518?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Deepak Nigam updated OFBIZ-10518: - Attachment: (was: OFBiz-10518-Supply-Allocation-Plan.patch) > Inventory (Supply) Allocation Planning > -- > > Key: OFBIZ-10518 > URL: https://issues.apache.org/jira/browse/OFBIZ-10518 > Project: OFBiz > Issue Type: New Feature > Components: order, product >Reporter: Deepak Nigam >Assignee: Deepak Nigam >Priority: Major > Fix For: Trunk > > Attachments: CreateAllocationPlan-Step1.png, > CreateAllocationPlan-Step2.png, EditAllocationPlan.png, > FindAllocationPlan.png, OFBiz-10518-Supply-Allocation-Plan.patch, > ViewAllocationPlan.png > > > In the current implementation of inventory reservation flow, inventory gets > reserved for the order based on the reservation algorithm (FIFO, LIFO etc). > Many times, the fulfilment cycle of the order is too long or due to some > unexpected circumstances, the order holds the inventory for a long time. In > such scenarios, inventory availability becomes one of the major bottlenecks > in fulfilling the other sales order and businesses often remains short > supplied against the demand. > > We can provide a feature (Create, Find and Edit supply allocation screen) to > allocate the available and any future supply judiciously amongst existing > customers orders by considering different factors like estimated delivery > dates, order priority, customer preference etc. > > Following are the details design notes for the same: > > An order in the approved status will be considered as ‘Eligible for > Allocation’. The proposed supply allocation planning will have the following > set of features: > > *Create Allocation Plan:* > The authorized user will be able to initiate the process by setting the > desired product. > > *View/Edit Allocation Plan:* > 1) The system would search and list all the order lines which are eligible > for allocation for that particular product. > 2) The user can filter and sort the orders by various parameters like Sale > Channel, Customer, Order Id, Estimated Ship Date etc. > 3) The user can then prioritize the order by moving up or down the given > order in the priority ranking. Higher is the order in display result list, > higher will be the priority it would get during reservations. > 4) The user can set the ‘Allocated Quantity’ against ordered quantity at > order item line level. > 5) Once the Allocation Plan is submitted, the system would auto-assign the > priority and set the allocated quantity for each of the submitted orders to > be honoured during order reservations at any point in time. > 7) Incoming shipments would be reserved by honouring the same allocation plan > during order promising cycle. > 8) After allocating supply as per the allocation plan, any excess stock > should be reserved based on the standard FIFO method. > 9) If any of the items of an order is not planned via the Allocation Plan, > then also it should be reserved based on default FIFO criteria. > 10) The allocation for all the sales orders should be allowed for revision > unless the Shipment Plan is created against them. > > *Find Allocation Plan:* > The authorized user can search allocation plan(s) with filters like Plan Id, > Order Id, Product Id, Plan Method, Status etc. > > > > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-10518) Inventory (Supply) Allocation Planning
[ https://issues.apache.org/jira/browse/OFBIZ-10518?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16610108#comment-16610108 ] Deepak Nigam commented on OFBIZ-10518: -- Removed the old patch and attached the latest one. > Inventory (Supply) Allocation Planning > -- > > Key: OFBIZ-10518 > URL: https://issues.apache.org/jira/browse/OFBIZ-10518 > Project: OFBiz > Issue Type: New Feature > Components: order, product >Reporter: Deepak Nigam >Assignee: Deepak Nigam >Priority: Major > Fix For: Trunk > > Attachments: CreateAllocationPlan-Step1.png, > CreateAllocationPlan-Step2.png, EditAllocationPlan.png, > FindAllocationPlan.png, OFBiz-10518-Supply-Allocation-Plan.patch, > ViewAllocationPlan.png > > > In the current implementation of inventory reservation flow, inventory gets > reserved for the order based on the reservation algorithm (FIFO, LIFO etc). > Many times, the fulfilment cycle of the order is too long or due to some > unexpected circumstances, the order holds the inventory for a long time. In > such scenarios, inventory availability becomes one of the major bottlenecks > in fulfilling the other sales order and businesses often remains short > supplied against the demand. > > We can provide a feature (Create, Find and Edit supply allocation screen) to > allocate the available and any future supply judiciously amongst existing > customers orders by considering different factors like estimated delivery > dates, order priority, customer preference etc. > > Following are the details design notes for the same: > > An order in the approved status will be considered as ‘Eligible for > Allocation’. The proposed supply allocation planning will have the following > set of features: > > *Create Allocation Plan:* > The authorized user will be able to initiate the process by setting the > desired product. > > *View/Edit Allocation Plan:* > 1) The system would search and list all the order lines which are eligible > for allocation for that particular product. > 2) The user can filter and sort the orders by various parameters like Sale > Channel, Customer, Order Id, Estimated Ship Date etc. > 3) The user can then prioritize the order by moving up or down the given > order in the priority ranking. Higher is the order in display result list, > higher will be the priority it would get during reservations. > 4) The user can set the ‘Allocated Quantity’ against ordered quantity at > order item line level. > 5) Once the Allocation Plan is submitted, the system would auto-assign the > priority and set the allocated quantity for each of the submitted orders to > be honoured during order reservations at any point in time. > 7) Incoming shipments would be reserved by honouring the same allocation plan > during order promising cycle. > 8) After allocating supply as per the allocation plan, any excess stock > should be reserved based on the standard FIFO method. > 9) If any of the items of an order is not planned via the Allocation Plan, > then also it should be reserved based on default FIFO criteria. > 10) The allocation for all the sales orders should be allowed for revision > unless the Shipment Plan is created against them. > > *Find Allocation Plan:* > The authorized user can search allocation plan(s) with filters like Plan Id, > Order Id, Product Id, Plan Method, Status etc. > > > > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (OFBIZ-10515) Impersonation of userLogin feature
[ https://issues.apache.org/jira/browse/OFBIZ-10515?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gil Portenseigne updated OFBIZ-10515: - Attachment: OFBIZ-10515.patch > Impersonation of userLogin feature > -- > > Key: OFBIZ-10515 > URL: https://issues.apache.org/jira/browse/OFBIZ-10515 > Project: OFBiz > Issue Type: Improvement >Affects Versions: Trunk >Reporter: Gil Portenseigne >Assignee: Gil Portenseigne >Priority: Minor > Fix For: Upcoming Branch > > Attachments: ImpersonationWidget.png, OFBIZ-10515.patch, > OFBIZ-10515.patch, OFBIZ-10515.patch, OFBIZ-10515.patch, impersonate-ico.png, > impersonateButton.png > > > This JIRA introduce a new feature that allow the impersonation of a login by > an authorized user. > This is implemeted with :· > * A new service ‘userImpersonate’ that will check security, store > impersonation in UserLoginHistory, and return the new session > * Events ‘userImpersonate’ and ‘userDepersonate’ that will allow > impersonation/depersonation action persisting current user session > * A new modal widget in the common-theme that inform the user about > ‘impersonation in process’ and offering a way to depersonate. > * A new field in UserLoginHistory to store impersonation originator > * A button in party viewprofile page to illustrate the feature -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (OFBIZ-10515) Impersonation of userLogin feature
[ https://issues.apache.org/jira/browse/OFBIZ-10515?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gil Portenseigne updated OFBIZ-10515: - Attachment: OFBIZ-10515.patch > Impersonation of userLogin feature > -- > > Key: OFBIZ-10515 > URL: https://issues.apache.org/jira/browse/OFBIZ-10515 > Project: OFBiz > Issue Type: Improvement >Affects Versions: Trunk >Reporter: Gil Portenseigne >Assignee: Gil Portenseigne >Priority: Minor > Fix For: Upcoming Branch > > Attachments: ImpersonationWidget.png, OFBIZ-10515.patch, > OFBIZ-10515.patch, OFBIZ-10515.patch, impersonate-ico.png, > impersonateButton.png > > > This JIRA introduce a new feature that allow the impersonation of a login by > an authorized user. > This is implemeted with :· > * A new service ‘userImpersonate’ that will check security, store > impersonation in UserLoginHistory, and return the new session > * Events ‘userImpersonate’ and ‘userDepersonate’ that will allow > impersonation/depersonation action persisting current user session > * A new modal widget in the common-theme that inform the user about > ‘impersonation in process’ and offering a way to depersonate. > * A new field in UserLoginHistory to store impersonation originator > * A button in party viewprofile page to illustrate the feature -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (OFBIZ-10515) Impersonation of userLogin feature
[ https://issues.apache.org/jira/browse/OFBIZ-10515?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gil Portenseigne updated OFBIZ-10515: - Attachment: (was: OFBIZ-10515.patch) > Impersonation of userLogin feature > -- > > Key: OFBIZ-10515 > URL: https://issues.apache.org/jira/browse/OFBIZ-10515 > Project: OFBiz > Issue Type: Improvement >Affects Versions: Trunk >Reporter: Gil Portenseigne >Assignee: Gil Portenseigne >Priority: Minor > Fix For: Upcoming Branch > > Attachments: ImpersonationWidget.png, OFBIZ-10515.patch, > OFBIZ-10515.patch, OFBIZ-10515.patch, impersonate-ico.png, > impersonateButton.png > > > This JIRA introduce a new feature that allow the impersonation of a login by > an authorized user. > This is implemeted with :· > * A new service ‘userImpersonate’ that will check security, store > impersonation in UserLoginHistory, and return the new session > * Events ‘userImpersonate’ and ‘userDepersonate’ that will allow > impersonation/depersonation action persisting current user session > * A new modal widget in the common-theme that inform the user about > ‘impersonation in process’ and offering a way to depersonate. > * A new field in UserLoginHistory to store impersonation originator > * A button in party viewprofile page to illustrate the feature -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-10515) Impersonation of userLogin feature
[ https://issues.apache.org/jira/browse/OFBIZ-10515?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16609727#comment-16609727 ] Gil Portenseigne commented on OFBIZ-10515: -- New patch with documentation integration in developer-manual, i did hesitate about putting it in user manual, but since it concerns security and will be used mainly by admin i think it belongs to developer-manual. > Impersonation of userLogin feature > -- > > Key: OFBIZ-10515 > URL: https://issues.apache.org/jira/browse/OFBIZ-10515 > Project: OFBiz > Issue Type: Improvement >Affects Versions: Trunk >Reporter: Gil Portenseigne >Assignee: Gil Portenseigne >Priority: Minor > Fix For: Upcoming Branch > > Attachments: ImpersonationWidget.png, OFBIZ-10515.patch, > OFBIZ-10515.patch, OFBIZ-10515.patch, impersonate-ico.png, > impersonateButton.png > > > This JIRA introduce a new feature that allow the impersonation of a login by > an authorized user. > This is implemeted with :· > * A new service ‘userImpersonate’ that will check security, store > impersonation in UserLoginHistory, and return the new session > * Events ‘userImpersonate’ and ‘userDepersonate’ that will allow > impersonation/depersonation action persisting current user session > * A new modal widget in the common-theme that inform the user about > ‘impersonation in process’ and offering a way to depersonate. > * A new field in UserLoginHistory to store impersonation originator > * A button in party viewprofile page to illustrate the feature -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (OFBIZ-10515) Impersonation of userLogin feature
[ https://issues.apache.org/jira/browse/OFBIZ-10515?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Gil Portenseigne updated OFBIZ-10515: - Attachment: OFBIZ-10515.patch > Impersonation of userLogin feature > -- > > Key: OFBIZ-10515 > URL: https://issues.apache.org/jira/browse/OFBIZ-10515 > Project: OFBiz > Issue Type: Improvement >Affects Versions: Trunk >Reporter: Gil Portenseigne >Assignee: Gil Portenseigne >Priority: Minor > Fix For: Upcoming Branch > > Attachments: ImpersonationWidget.png, OFBIZ-10515.patch, > OFBIZ-10515.patch, OFBIZ-10515.patch, impersonate-ico.png, > impersonateButton.png > > > This JIRA introduce a new feature that allow the impersonation of a login by > an authorized user. > This is implemeted with :· > * A new service ‘userImpersonate’ that will check security, store > impersonation in UserLoginHistory, and return the new session > * Events ‘userImpersonate’ and ‘userDepersonate’ that will allow > impersonation/depersonation action persisting current user session > * A new modal widget in the common-theme that inform the user about > ‘impersonation in process’ and offering a way to depersonate. > * A new field in UserLoginHistory to store impersonation originator > * A button in party viewprofile page to illustrate the feature -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-10372) Calculate estimated shipment delivery time
[
https://issues.apache.org/jira/browse/OFBIZ-10372?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16609428#comment-16609428
]
Nicolas Malin commented on OFBIZ-10372:
---
I updated a new patch [^OFBIZ-10372.patch] with a correction on the update a
ship group on order and correct unit test on testIntegration
> Calculate estimated shipment delivery time
> --
>
> Key: OFBIZ-10372
> URL: https://issues.apache.org/jira/browse/OFBIZ-10372
> Project: OFBiz
> Issue Type: New Feature
> Components: order
>Affects Versions: Trunk
>Reporter: Nicolas Malin
>Assignee: Nicolas Malin
>Priority: Major
> Labels: order, shipment, time
> Attachments: OFBIZ-10372.patch, OFBIZ-10372.patch, OFBIZ-10372.patch
>
>
> Currently when you pass an order in ofbiz you can select the shipment method
> to delivery finish good and obtains an amount cost but you have nothing to
> indicate how the delivration will during.
> We have a good example with ship by plane or boat and for road the time is
> different between the Portugal to Spain and Portugal to Slovenia.
> With this information, we can planned the estimated delivery date with the
> estimated date to produce finish good and the time to delivery them
> To fill this gap, we introduce a new entity ShipmentTimeEstimate modelled as
> ShipmentCostEstimate to define the estimated time for a shipment method, a
> carrier and two geo location:
> {code:java}
> package-name="org.apache.ofbiz.shipment.shipment"
> title="Shipment Time Estimation Entity">
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> ...
> {code}
> We have two asks related to this issue on users
> [1|https://lists.apache.org/thread.html/de58aa36744804c28eccef6fc7ebc8f0311f65b0dc6b17f1fa5234d4@%3Cuser.ofbiz.apache.org%3E]
>
> [2|https://lists.apache.org/thread.html/1d79dd9f42fc256e5986271e9e0447bde2980bf0310c4b5f04a35e9f@%3Cuser.ofbiz.apache.org%3E]
>
> The first patch made in collaboration with Leila Mekika lays bricks to
> implement this idea
> All remark and suggest are welcome to continue it.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Updated] (OFBIZ-10372) Calculate estimated shipment delivery time
[
https://issues.apache.org/jira/browse/OFBIZ-10372?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nicolas Malin updated OFBIZ-10372:
--
Attachment: OFBIZ-10372.patch
> Calculate estimated shipment delivery time
> --
>
> Key: OFBIZ-10372
> URL: https://issues.apache.org/jira/browse/OFBIZ-10372
> Project: OFBiz
> Issue Type: New Feature
> Components: order
>Affects Versions: Trunk
>Reporter: Nicolas Malin
>Assignee: Nicolas Malin
>Priority: Major
> Labels: order, shipment, time
> Attachments: OFBIZ-10372.patch, OFBIZ-10372.patch, OFBIZ-10372.patch
>
>
> Currently when you pass an order in ofbiz you can select the shipment method
> to delivery finish good and obtains an amount cost but you have nothing to
> indicate how the delivration will during.
> We have a good example with ship by plane or boat and for road the time is
> different between the Portugal to Spain and Portugal to Slovenia.
> With this information, we can planned the estimated delivery date with the
> estimated date to produce finish good and the time to delivery them
> To fill this gap, we introduce a new entity ShipmentTimeEstimate modelled as
> ShipmentCostEstimate to define the estimated time for a shipment method, a
> carrier and two geo location:
> {code:java}
> package-name="org.apache.ofbiz.shipment.shipment"
> title="Shipment Time Estimation Entity">
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> ...
> {code}
> We have two asks related to this issue on users
> [1|https://lists.apache.org/thread.html/de58aa36744804c28eccef6fc7ebc8f0311f65b0dc6b17f1fa5234d4@%3Cuser.ofbiz.apache.org%3E]
>
> [2|https://lists.apache.org/thread.html/1d79dd9f42fc256e5986271e9e0447bde2980bf0310c4b5f04a35e9f@%3Cuser.ofbiz.apache.org%3E]
>
> The first patch made in collaboration with Leila Mekika lays bricks to
> implement this idea
> All remark and suggest are welcome to continue it.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (OFBIZ-7246) Workeffort : Arrange UI labels in alphabetic order
[ https://issues.apache.org/jira/browse/OFBIZ-7246?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16609224#comment-16609224 ] Pierre Smits commented on OFBIZ-7246: - Hi [~suraj.khurana] , Is this an improvement on the patch provided by [~shivangi.tanwar]? Or does it stand on its own (without the requirement to apply the first patch before yours)? Anyway, as this is an ticket with priority = minor, and potentially a low risk, why don't you go ahead and commit this improvement? Instead of waiting - the obligatory 72 hrs) on another contributor (with other priorities). You have the trust of your peers (and have been awarded the privileges accordingly) to use your own judgement to do the right thing for the project. > Workeffort : Arrange UI labels in alphabetic order > -- > > Key: OFBIZ-7246 > URL: https://issues.apache.org/jira/browse/OFBIZ-7246 > Project: OFBiz > Issue Type: Sub-task > Components: workeffort >Affects Versions: Trunk >Reporter: Shivangi Tanwar >Assignee: Suraj Khurana >Priority: Minor > Attachments: OFBIZ-7246.patch, OFBIZ-7246_trunk.patch > > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-7246) Workeffort : Arrange UI labels in alphabetic order
[ https://issues.apache.org/jira/browse/OFBIZ-7246?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16609182#comment-16609182 ] Suraj Khurana commented on OFBIZ-7246: -- Hello team, Uploaded updated patch with few minor changes. > Workeffort : Arrange UI labels in alphabetic order > -- > > Key: OFBIZ-7246 > URL: https://issues.apache.org/jira/browse/OFBIZ-7246 > Project: OFBiz > Issue Type: Sub-task > Components: workeffort >Affects Versions: Trunk >Reporter: Shivangi Tanwar >Assignee: Suraj Khurana >Priority: Minor > Attachments: OFBIZ-7246.patch, OFBIZ-7246_trunk.patch > > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (OFBIZ-7246) Workeffort : Arrange UI labels in alphabetic order
[ https://issues.apache.org/jira/browse/OFBIZ-7246?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Suraj Khurana updated OFBIZ-7246: - Attachment: OFBIZ-7246.patch > Workeffort : Arrange UI labels in alphabetic order > -- > > Key: OFBIZ-7246 > URL: https://issues.apache.org/jira/browse/OFBIZ-7246 > Project: OFBiz > Issue Type: Sub-task > Components: workeffort >Affects Versions: Trunk >Reporter: Shivangi Tanwar >Priority: Minor > Attachments: OFBIZ-7246.patch, OFBIZ-7246_trunk.patch > > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Assigned] (OFBIZ-7246) Workeffort : Arrange UI labels in alphabetic order
[ https://issues.apache.org/jira/browse/OFBIZ-7246?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Suraj Khurana reassigned OFBIZ-7246: Assignee: Suraj Khurana > Workeffort : Arrange UI labels in alphabetic order > -- > > Key: OFBIZ-7246 > URL: https://issues.apache.org/jira/browse/OFBIZ-7246 > Project: OFBiz > Issue Type: Sub-task > Components: workeffort >Affects Versions: Trunk >Reporter: Shivangi Tanwar >Assignee: Suraj Khurana >Priority: Minor > Attachments: OFBIZ-7246.patch, OFBIZ-7246_trunk.patch > > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Assigned] (OFBIZ-10553) Convert QuoteServices.xml mini lang to groovy
[ https://issues.apache.org/jira/browse/OFBIZ-10553?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nicolas Malin reassigned OFBIZ-10553: - Assignee: Nicolas Malin > Convert QuoteServices.xml mini lang to groovy > - > > Key: OFBIZ-10553 > URL: https://issues.apache.org/jira/browse/OFBIZ-10553 > Project: OFBiz > Issue Type: Sub-task > Components: order >Affects Versions: Trunk >Reporter: Antoine Ouvrard >Assignee: Nicolas Malin >Priority: Minor > Attachments: OFBIZ-10553.patch > > > This is an attempt to migrate QuoteServices.xml to groovy file version. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-4361) Any ecommerce user has the ability to reset anothers password (including admin) via "Forget Your Password"
[ https://issues.apache.org/jira/browse/OFBIZ-4361?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16609071#comment-16609071 ] Dennis Balkir commented on OFBIZ-4361: -- Hi [~pfm.smits], I am currently working on the solution Michael mentioned. This is nearly finished, but I am occupied with other projects, this is the reason, why it takes so long. The solution we are using, will not only use a generated token to create a link, but the token can also be used for user registration and various other things. We already use the token for user registration in projects we are working on, so there already are methods implemented for this case and the token in general. There should be time to finish this up in a few days. I hope, this won't cause any inconvenience > Any ecommerce user has the ability to reset anothers password (including > admin) via "Forget Your Password" > -- > > Key: OFBIZ-4361 > URL: https://issues.apache.org/jira/browse/OFBIZ-4361 > Project: OFBiz > Issue Type: Bug > Components: framework >Affects Versions: Release Branch 11.04, Release Branch 13.07, Release > Branch 14.12, Trunk, Release Branch 15.12, Release Branch 16.11, Release > Branch 17.12 > Environment: Ubuntu and others >Reporter: mz4wheeler >Assignee: Michael Brohl >Priority: Major > Labels: security > Attachments: OFBIZ-4361.patch, OFBIZ-4361_OneScreen.patch, > OFBIZ-4361_ReworkPasswordLogic.patch, OFBIZ-4361_ReworkPasswordLogic.patch > > > Currently, any user (via ecommerce "Forget Your Password") has the ability to > reset another users password, including "admin" without permission. By > simply entering "admin" and clicking "Email Password", the following is > displayed. > The following occurred: > A new password has been created and sent to you. Please check your Email. > This now forces the user of the ERP to change their password. It is also > possible to generate a dictionary attack against ofbiz because there is no > capta code required. This is serious security risk. > This feature could be reduced to a certain sub-set of users, whose login name > is optionally in the format of an email address, and maybe require a capta > code to prevent dictionary attacks. > For example, limit the feature to role "Customer" of type "Person" which was > generated via an ecommerce transaction. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-4674) Human Resource Manager Tree
[ https://issues.apache.org/jira/browse/OFBIZ-4674?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16609016#comment-16609016 ] Pierre Smits commented on OFBIZ-4674: - Is this still a valid issue? I was looking at OFBIZ-10510 (and the attached spreadsheet therein) and noticed some similarities. > Human Resource Manager Tree > --- > > Key: OFBIZ-4674 > URL: https://issues.apache.org/jira/browse/OFBIZ-4674 > Project: OFBiz > Issue Type: Bug > Components: humanres >Affects Versions: Trunk > Environment: Latest Trunk >Reporter: Jacopo Cappellato >Assignee: Ashish Vijaywargiya >Priority: Major > Attachments: ASF.LICENSE.NOT.GRANTED--HR Tree Before Sample > Accounting Data Loaded.jpg, ASF.LICENSE.NOT.GRANTED--HR Tree With Sample > Accounting Data Loaded.jpg, HumanResAcctData.xml > > > In the latest trunk the tree off the HR Main menu has some questionable > behavior: > 1. The developer and test persons created in the Accounting application > behave like organizations. > They display the organization icon and context menu. > For example: > Go to Human Resources Main > In the tree open the nodes Development Department > Development Team 1 > Right Click on any of the children Developer1-3. > Developers 1-3 are persons but the context menu presents the functions for an > organization (Add Employee Position / Add Internal Organization). > The Testing entities have the same behavior. > See attached AcctHRBefore.jpg > Expected parties that are persons would not have context functions. > Expected Accounting entities to display icons and behavior in the manner of > the Programmer and Demo Employee created by HumanResDemoData.xml. > For example load the attached HumanResAcctData.xml using Webtools > Entity > Import > Absolute Filename or URL to see the expected result as shown in > attache AcctHRAfter.jpg > 2. The context menu Add Internal Organization allows duplicate organization > entities in the tree. > This by itself does not make business sense and it permits the creation of > recursive structures by selecting the name of the parent for the child. > For example: > Go to Human Resources Main In the tree right click on "Development > department" > In the context menu select Add Internal Organization In the drop down list > select "DEV" Click Create After refresh open the "Development department". > It now contains a child "Development department" which has a child > "Development department" etc etc. > It is also possible to create recursion by adding an organizations parent as > a child. > Substitute party_id "Company" for "DEV" in the above exercise. > Expected unique nodes > 3. Selecting Add Employee Position or Add Person from the context menu opens > the corresponding edit forms with calendar lookup fields. > The calendar form does no open when the lookup icon is clicked. > Expected calendar to open on click. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Comment Edited] (OFBIZ-10510) Employee names appear as "Null" in company tree.
[ https://issues.apache.org/jira/browse/OFBIZ-10510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16608998#comment-16608998 ] Shantanu edited comment on OFBIZ-10510 at 9/10/18 10:48 AM: Closing the issues as the original problem of employee names showing up as NULL on the tree was solved and there are million other things wrong with the whole HR module that need separate threads of their own. was (Author: srivastava): Closing the issues and the original problem of employee names showing up as NULL on the tree was solved and there are million other things wrong with the whole HR module that need separate threads of their own. > Employee names appear as "Null" in company tree. > > > Key: OFBIZ-10510 > URL: https://issues.apache.org/jira/browse/OFBIZ-10510 > Project: OFBiz > Issue Type: Bug > Components: humanres >Affects Versions: 16.11.04 >Reporter: Shantanu >Priority: Major > Fix For: 16.11.05 > > Attachments: Company Tree.jpg, Employee Profile.jpg, > HumanResEvents.java, OFBIZ ISSUES-Excel Sheet_V1 (1).xlsx > > > I've created a sample Internal Organisation called "New Department". > Made a position within it called "New Postion". > Then created an Employee named "Adi Singh" and added him the "New Postion" > and Employed in "New Department" > But in the company tree the name of employee appears as Null. > Please help. > I've attached two images showing the issues. > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Closed] (OFBIZ-10510) Employee names appear as "Null" in company tree.
[ https://issues.apache.org/jira/browse/OFBIZ-10510?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Shantanu closed OFBIZ-10510. Resolution: Done Fix Version/s: 16.11.05 Closing the issues and the original problem of employee names showing up as NULL on the tree was solved and there are million other things wrong with the whole HR module that need separate threads of their own. > Employee names appear as "Null" in company tree. > > > Key: OFBIZ-10510 > URL: https://issues.apache.org/jira/browse/OFBIZ-10510 > Project: OFBiz > Issue Type: Bug > Components: humanres >Affects Versions: 16.11.04 >Reporter: Shantanu >Priority: Major > Fix For: 16.11.05 > > Attachments: Company Tree.jpg, Employee Profile.jpg, > HumanResEvents.java, OFBIZ ISSUES-Excel Sheet_V1 (1).xlsx > > > I've created a sample Internal Organisation called "New Department". > Made a position within it called "New Postion". > Then created an Employee named "Adi Singh" and added him the "New Postion" > and Employed in "New Department" > But in the company tree the name of employee appears as Null. > Please help. > I've attached two images showing the issues. > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-4361) Any ecommerce user has the ability to reset anothers password (including admin) via "Forget Your Password"
[ https://issues.apache.org/jira/browse/OFBIZ-4361?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16608999#comment-16608999 ] Pierre Smits commented on OFBIZ-4361: - There are patches available for this ticket! Is any of these patches good enough to be committed to mitigate the issue before Michael and/or other members of his team have the time to present their favourable solution for review? > Any ecommerce user has the ability to reset anothers password (including > admin) via "Forget Your Password" > -- > > Key: OFBIZ-4361 > URL: https://issues.apache.org/jira/browse/OFBIZ-4361 > Project: OFBiz > Issue Type: Bug > Components: framework >Affects Versions: Release Branch 11.04, Release Branch 13.07, Release > Branch 14.12, Trunk, Release Branch 15.12, Release Branch 16.11, Release > Branch 17.12 > Environment: Ubuntu and others >Reporter: mz4wheeler >Assignee: Michael Brohl >Priority: Major > Labels: security > Attachments: OFBIZ-4361.patch, OFBIZ-4361_OneScreen.patch, > OFBIZ-4361_ReworkPasswordLogic.patch, OFBIZ-4361_ReworkPasswordLogic.patch > > > Currently, any user (via ecommerce "Forget Your Password") has the ability to > reset another users password, including "admin" without permission. By > simply entering "admin" and clicking "Email Password", the following is > displayed. > The following occurred: > A new password has been created and sent to you. Please check your Email. > This now forces the user of the ERP to change their password. It is also > possible to generate a dictionary attack against ofbiz because there is no > capta code required. This is serious security risk. > This feature could be reduced to a certain sub-set of users, whose login name > is optionally in the format of an email address, and maybe require a capta > code to prevent dictionary attacks. > For example, limit the feature to role "Customer" of type "Person" which was > generated via an ecommerce transaction. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-10510) Employee names appear as "Null" in company tree.
[ https://issues.apache.org/jira/browse/OFBIZ-10510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16608992#comment-16608992 ] Shantanu commented on OFBIZ-10510: -- Hello everyone, [~deepak.nigam] [~jacques.le.roux] As of today my company has decided to stop using ofbiz as they didnt find the HR module suitable enough to continue working as too many features are missing, incomplete or malfunctioning hence I will no longer be using it either. I'd like to add another Issue that's not mentioned in the List of Issues I provided here. > The salaries of employees don't appear unless they are fulfilling a position > that is directly under the root node. If you shift the same position from > under the root to some other internal organization the salaries will not > appear. It's the case even if you create position and position type > specifically for a particular organization, the salary doesnt appear unless > the position is directly under the root node. Secondly, here's the HumanResEvents.java file I changed in order to display the employee names properly on the HR Tree, in case someone wants to check it out. The location is: ofbiz/applications/humanres/src/main/java/org/apache/ofbiz/humanres/ Paste it there, rebuild. [^HumanResEvents.java] > Employee names appear as "Null" in company tree. > > > Key: OFBIZ-10510 > URL: https://issues.apache.org/jira/browse/OFBIZ-10510 > Project: OFBiz > Issue Type: Bug > Components: humanres >Affects Versions: 16.11.04 >Reporter: Shantanu >Priority: Major > Attachments: Company Tree.jpg, Employee Profile.jpg, > HumanResEvents.java, OFBIZ ISSUES-Excel Sheet_V1 (1).xlsx > > > I've created a sample Internal Organisation called "New Department". > Made a position within it called "New Postion". > Then created an Employee named "Adi Singh" and added him the "New Postion" > and Employed in "New Department" > But in the company tree the name of employee appears as Null. > Please help. > I've attached two images showing the issues. > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (OFBIZ-10556) Session gets expired : For FO PDF Download
Murugeswari created OFBIZ-10556: --- Summary: Session gets expired : For FO PDF Download Key: OFBIZ-10556 URL: https://issues.apache.org/jira/browse/OFBIZ-10556 Project: OFBiz Issue Type: Bug Components: ALL COMPONENTS Affects Versions: Release Branch 16.11 Reporter: Murugeswari When we downloading PDF and accessing cross module session gets expired and rendering login page again. For example I am downloading Order FO PDF file and accessing accounting or catalog module session getting expired. This is not happen everytime but for the first time when server is started or restarted. Please help me to fix this issue. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (OFBIZ-10510) Employee names appear as "Null" in company tree.
[ https://issues.apache.org/jira/browse/OFBIZ-10510?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Shantanu updated OFBIZ-10510: - Attachment: HumanResEvents.java > Employee names appear as "Null" in company tree. > > > Key: OFBIZ-10510 > URL: https://issues.apache.org/jira/browse/OFBIZ-10510 > Project: OFBiz > Issue Type: Bug > Components: humanres >Affects Versions: 16.11.04 >Reporter: Shantanu >Priority: Major > Attachments: Company Tree.jpg, Employee Profile.jpg, > HumanResEvents.java, OFBIZ ISSUES-Excel Sheet_V1 (1).xlsx > > > I've created a sample Internal Organisation called "New Department". > Made a position within it called "New Postion". > Then created an Employee named "Adi Singh" and added him the "New Postion" > and Employed in "New Department" > But in the company tree the name of employee appears as Null. > Please help. > I've attached two images showing the issues. > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (OFBIZ-4361) Any ecommerce user has the ability to reset anothers password (including admin) via "Forget Your Password"
[ https://issues.apache.org/jira/browse/OFBIZ-4361?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pierre Smits updated OFBIZ-4361: Affects Version/s: Release Branch 17.12 > Any ecommerce user has the ability to reset anothers password (including > admin) via "Forget Your Password" > -- > > Key: OFBIZ-4361 > URL: https://issues.apache.org/jira/browse/OFBIZ-4361 > Project: OFBiz > Issue Type: Bug > Components: framework >Affects Versions: Release Branch 11.04, Release Branch 13.07, Release > Branch 14.12, Trunk, Release Branch 15.12, Release Branch 16.11, Release > Branch 17.12 > Environment: Ubuntu and others >Reporter: mz4wheeler >Assignee: Michael Brohl >Priority: Major > Labels: security > Attachments: OFBIZ-4361.patch, OFBIZ-4361_OneScreen.patch, > OFBIZ-4361_ReworkPasswordLogic.patch, OFBIZ-4361_ReworkPasswordLogic.patch > > > Currently, any user (via ecommerce "Forget Your Password") has the ability to > reset another users password, including "admin" without permission. By > simply entering "admin" and clicking "Email Password", the following is > displayed. > The following occurred: > A new password has been created and sent to you. Please check your Email. > This now forces the user of the ERP to change their password. It is also > possible to generate a dictionary attack against ofbiz because there is no > capta code required. This is serious security risk. > This feature could be reduced to a certain sub-set of users, whose login name > is optionally in the format of an email address, and maybe require a capta > code to prevent dictionary attacks. > For example, limit the feature to role "Customer" of type "Person" which was > generated via an ecommerce transaction. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (OFBIZ-4361) Any ecommerce user has the ability to reset anothers password (including admin) via "Forget Your Password"
[ https://issues.apache.org/jira/browse/OFBIZ-4361?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Pierre Smits updated OFBIZ-4361: Affects Version/s: Release Branch 13.07 Release Branch 14.12 Release Branch 15.12 Release Branch 16.11 > Any ecommerce user has the ability to reset anothers password (including > admin) via "Forget Your Password" > -- > > Key: OFBIZ-4361 > URL: https://issues.apache.org/jira/browse/OFBIZ-4361 > Project: OFBiz > Issue Type: Bug > Components: framework >Affects Versions: Release Branch 11.04, Release Branch 13.07, Release > Branch 14.12, Trunk, Release Branch 15.12, Release Branch 16.11 > Environment: Ubuntu and others >Reporter: mz4wheeler >Assignee: Michael Brohl >Priority: Major > Labels: security > Attachments: OFBIZ-4361.patch, OFBIZ-4361_OneScreen.patch, > OFBIZ-4361_ReworkPasswordLogic.patch, OFBIZ-4361_ReworkPasswordLogic.patch > > > Currently, any user (via ecommerce "Forget Your Password") has the ability to > reset another users password, including "admin" without permission. By > simply entering "admin" and clicking "Email Password", the following is > displayed. > The following occurred: > A new password has been created and sent to you. Please check your Email. > This now forces the user of the ERP to change their password. It is also > possible to generate a dictionary attack against ofbiz because there is no > capta code required. This is serious security risk. > This feature could be reduced to a certain sub-set of users, whose login name > is optionally in the format of an email address, and maybe require a capta > code to prevent dictionary attacks. > For example, limit the feature to role "Customer" of type "Person" which was > generated via an ecommerce transaction. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-4361) Any ecommerce user has the ability to reset anothers password (including admin) via "Forget Your Password"
[ https://issues.apache.org/jira/browse/OFBIZ-4361?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16608958#comment-16608958 ] Pierre Smits commented on OFBIZ-4361: - Due to (externa)l circumstances I did not pay much attention to this ticket in the past. This seems to be a CVE, and should be prioritised as such. > Any ecommerce user has the ability to reset anothers password (including > admin) via "Forget Your Password" > -- > > Key: OFBIZ-4361 > URL: https://issues.apache.org/jira/browse/OFBIZ-4361 > Project: OFBiz > Issue Type: Bug > Components: framework >Affects Versions: Release Branch 11.04, Trunk > Environment: Ubuntu and others >Reporter: mz4wheeler >Assignee: Michael Brohl >Priority: Major > Labels: security > Attachments: OFBIZ-4361.patch, OFBIZ-4361_OneScreen.patch, > OFBIZ-4361_ReworkPasswordLogic.patch, OFBIZ-4361_ReworkPasswordLogic.patch > > > Currently, any user (via ecommerce "Forget Your Password") has the ability to > reset another users password, including "admin" without permission. By > simply entering "admin" and clicking "Email Password", the following is > displayed. > The following occurred: > A new password has been created and sent to you. Please check your Email. > This now forces the user of the ERP to change their password. It is also > possible to generate a dictionary attack against ofbiz because there is no > capta code required. This is serious security risk. > This feature could be reduced to a certain sub-set of users, whose login name > is optionally in the format of an email address, and maybe require a capta > code to prevent dictionary attacks. > For example, limit the feature to role "Customer" of type "Person" which was > generated via an ecommerce transaction. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (OFBIZ-10307) Navigate from a domain to another with automated signed in authentication
[ https://issues.apache.org/jira/browse/OFBIZ-10307?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jacques Le Roux updated OFBIZ-10307: Attachment: OFBIZ-10307.patch OFBIZ-10307-test.patch OFBIZ-10307-test from example.patch > Navigate from a domain to another with automated signed in authentication > - > > Key: OFBIZ-10307 > URL: https://issues.apache.org/jira/browse/OFBIZ-10307 > Project: OFBiz > Issue Type: New Feature > Components: framework >Affects Versions: Trunk >Reporter: Jacques Le Roux >Assignee: Jacques Le Roux >Priority: Major > Fix For: Upcoming Branch > > Attachments: OFBIZ-10307-test from example.patch, OFBIZ-10307-test > from example.patch, OFBIZ-10307-test from example.patch, > OFBIZ-10307-test.patch, OFBIZ-10307-test.patch, OFBIZ-10307-test.patch, > OFBIZ-10307-test.patch, OFBIZ-10307.patch, OFBIZ-10307.patch, > OFBIZ-10307.patch, OFBIZ-10307.patch, OFBIZ-10307.patch, OFBIZ-10307.patch, > OFBIZ-10307.patch > > > This will use a JWT Token authentication to get from one domain, where you > are signed in, to another domain where you get signed in automatically. > Something like ExternalLoginKey or Tomcat SSO, but not on the same domain. > This will build upon the initial work done at OFBIZ-9833 which has been > partially reverted in trunk with r1827439 (see OFBIZ-10304) and r1827441. I > explained why and what I did at [https://s.apache.org/a5Km] > I turned to Ajax for the "Authorization" header sending. I initially thought > I'd just pass an "Authorization" header and use it in the > externalServerLoginCheck preprocessor, et voilà. > But I stumbled upon something I did not know well : CORS! And in particular > the upstream control (Pre-verified requests): > > [https://en.wikipedia.org/wiki/Cross-origin_resource_sharing#Preflight_example] > [https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS] > [https://www.w3.org/TR/cors/] > To be able to pass an "Authorization" header, the server must respond > positively in the Preflight HTTP response (OPTIONS). To do this, either you > use a Tomcat filter (or your own filter, there are examples on the Net) or > use HTTPD (or Nginx) configuration on the target server. > I tried Tomcat first, without success. With HTTPD it's easier just 3 lines. > For my tests, future tests by OFBiz users and as an example, I asked infra to > put them in our HTTPD trunk demo config: > Header set Access-Control-Allow-Origin "https://localhost:8443; > Header set Access-Control-Allow-Headers "Authorization" > Header set Access-Control-Allow-Credentials "true" > No code change (either in all web.xml files for Tomcat or Java for own > filter), and more safety. It does not give more right to outsiders than what > we give with the admin credential. > In Header set Access-Control-Allow-Origin you can put more domains. I just > used [https://localhost:8443|https://localhost:8443/] for the tests. > It works in Chrome, Firefox and Opera and partially in IE11 (not tested in > Edge). I did not test Safari, but I guess like other modern browsers it > should work. > For those (very few I guess) interested by IE11 (for Edge test yourself and > report please), here is the solution > > [https://stackoverflow.com/questions/12643960/internet-explorer-10-is-ignoring-xmlhttprequest-xhr-withcredentials-true] > > [https://web.archive.org/web/20130308142134/http://msdn.microsoft.com/en-us/library/ms537343%28v=vs.85%29.aspx] > > [https://blogs.msdn.microsoft.com/ieinternals/2013/09/17/a-quick-look-at-p3p/] > TODO (maybe) in the future, use the new Fetch API (not available yet): > [https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API] > > Here is a complement about the way it's architectured: > # A change to cookies was introduced with OFBIZ-4959. Actually it was not > really a bug rather a clean-up. The autoLogin cookies were only used by the > ecommerce component and maybe webpos. But all applications were creating such > cookies with a one year duration. They were useless until I needed them for > the feature of this Jira issue. But even if they were safe (httponly) then I > needed them to be clean, not a one year duration (to be as safe as possible, > temporary cookies are better). So after doing it crudely, [inspired by > Taher's suggestion|[https://s.apache.org/qLGC]] I introduced the > keep-autologin-cookie attribute in ofbiz-component.xml. It's used to > remove not kept cookies when login in or out. So those cookies are only kept > during a session. Also a cookie is created when an user jumps from one > application to another on the source domain. These cookies are used when > navigating from a domain to another to guarantee the
[jira] [Commented] (OFBIZ-10472) Rename the misnamed setUserLocale.js to setUserTimeZone.js
[ https://issues.apache.org/jira/browse/OFBIZ-10472?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16608943#comment-16608943 ] Jacques Le Roux commented on OFBIZ-10472: - Forgot it in Webpos, done at revision: 1840446 > Rename the misnamed setUserLocale.js to setUserTimeZone.js > -- > > Key: OFBIZ-10472 > URL: https://issues.apache.org/jira/browse/OFBIZ-10472 > Project: OFBiz > Issue Type: Improvement > Components: framework >Affects Versions: Trunk >Reporter: Jacques Le Roux >Assignee: Jacques Le Roux >Priority: Trivial > Fix For: Upcoming Branch > > > Because this anme is confusing as it's only about handling user timezone. It > was done with OFBIZ-9264 and improved/fixed since -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (OFBIZ-10555) User should not be able to place order with zero item quantity
[ https://issues.apache.org/jira/browse/OFBIZ-10555?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Suraj Khurana updated OFBIZ-10555: -- Summary: User should not be able to place order with zero item quantity (was: User can place order with zero item quantity) > User should not be able to place order with zero item quantity > -- > > Key: OFBIZ-10555 > URL: https://issues.apache.org/jira/browse/OFBIZ-10555 > Project: OFBiz > Issue Type: Improvement > Components: order >Affects Versions: Upcoming Branch >Reporter: Suraj Khurana >Assignee: Suraj Khurana >Priority: Major > > As per discussion on Dev ML: > [https://markmail.org/thread/dqsyobtcrdomhy7o] > Currently, user can add items to cart with zero quantity and place order, we > need to check cart before placing order and remove items with zero quantity > from it. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (OFBIZ-10555) User can place order with zero item quantity
Suraj Khurana created OFBIZ-10555: - Summary: User can place order with zero item quantity Key: OFBIZ-10555 URL: https://issues.apache.org/jira/browse/OFBIZ-10555 Project: OFBiz Issue Type: Improvement Components: order Affects Versions: Upcoming Branch Reporter: Suraj Khurana Assignee: Suraj Khurana As per discussion on Dev ML: [https://markmail.org/thread/dqsyobtcrdomhy7o] Currently, user can add items to cart with zero quantity and place order, we need to check cart before placing order and remove items with zero quantity from it. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-9832) Provide ability for OFBiz to publish plugins to Nexus maven repository
[ https://issues.apache.org/jira/browse/OFBIZ-9832?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16608898#comment-16608898 ] Jacques Le Roux commented on OFBIZ-9832: Hi Taher, I stumbled upon this issue by chance. I guess nobody has already begun to work on that, right? > Provide ability for OFBiz to publish plugins to Nexus maven repository > -- > > Key: OFBIZ-9832 > URL: https://issues.apache.org/jira/browse/OFBIZ-9832 > Project: OFBiz > Issue Type: Improvement >Affects Versions: Upcoming Branch >Reporter: Taher Alkhateeb >Priority: Minor > > This JIRA has reference to the > [discussion|http://markmail.org/message/bjvqu23ofwzuk57y] in the community > regarding separating plugins into a separate project. > I have requested from Infra the creation of a maven repository for OFBiz in > INFRA-13924 which they accomplished very quickly. > Now we need to upgrade the plugin manager in build.gradle to provide the > ability to publish all plugins to this remote maven repository. > I am not sure, but this might be a good chance to remove all plugin > management logic from build.gradle and perhaps move it into a gradle-plugin > or another gradle file to reduce the size of build.gradle -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (OFBIZ-10307) Navigate from a domain to another with automated signed in authentication
[
https://issues.apache.org/jira/browse/OFBIZ-10307?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16608781#comment-16608781
]
Jacques Le Roux commented on OFBIZ-10307:
-
Here is a simple way to test this mechanism:
# Apply the main patch
{noformat}
OFBIZ-10307.patch{noformat}
# Apply the test patch
{noformat}
OFBIZ-10307-test.patch{noformat}
# Get to [https://localhost:8443/catalog/control/FindCatalog]
# Click on added test button "Target URL"
You should get to [https://jleroux.nereide.fr/content/control/main] without
authenticating
> Navigate from a domain to another with automated signed in authentication
> -
>
> Key: OFBIZ-10307
> URL: https://issues.apache.org/jira/browse/OFBIZ-10307
> Project: OFBiz
> Issue Type: New Feature
> Components: framework
>Affects Versions: Trunk
>Reporter: Jacques Le Roux
>Assignee: Jacques Le Roux
>Priority: Major
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-10307-test from example.patch, OFBIZ-10307-test
> from example.patch, OFBIZ-10307-test.patch, OFBIZ-10307-test.patch,
> OFBIZ-10307-test.patch, OFBIZ-10307.patch, OFBIZ-10307.patch,
> OFBIZ-10307.patch, OFBIZ-10307.patch, OFBIZ-10307.patch, OFBIZ-10307.patch
>
>
> This will use a JWT Token authentication to get from one domain, where you
> are signed in, to another domain where you get signed in automatically.
> Something like ExternalLoginKey or Tomcat SSO, but not on the same domain.
> This will build upon the initial work done at OFBIZ-9833 which has been
> partially reverted in trunk with r1827439 (see OFBIZ-10304) and r1827441. I
> explained why and what I did at [https://s.apache.org/a5Km]
> I turned to Ajax for the "Authorization" header sending. I initially thought
> I'd just pass an "Authorization" header and use it in the
> externalServerLoginCheck preprocessor, et voilà.
> But I stumbled upon something I did not know well : CORS! And in particular
> the upstream control (Pre-verified requests):
>
> [https://en.wikipedia.org/wiki/Cross-origin_resource_sharing#Preflight_example]
> [https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS]
> [https://www.w3.org/TR/cors/]
> To be able to pass an "Authorization" header, the server must respond
> positively in the Preflight HTTP response (OPTIONS). To do this, either you
> use a Tomcat filter (or your own filter, there are examples on the Net) or
> use HTTPD (or Nginx) configuration on the target server.
> I tried Tomcat first, without success. With HTTPD it's easier just 3 lines.
> For my tests, future tests by OFBiz users and as an example, I asked infra to
> put them in our HTTPD trunk demo config:
> Header set Access-Control-Allow-Origin "https://localhost:8443;
> Header set Access-Control-Allow-Headers "Authorization"
> Header set Access-Control-Allow-Credentials "true"
> No code change (either in all web.xml files for Tomcat or Java for own
> filter), and more safety. It does not give more right to outsiders than what
> we give with the admin credential.
> In Header set Access-Control-Allow-Origin you can put more domains. I just
> used [https://localhost:8443|https://localhost:8443/] for the tests.
> It works in Chrome, Firefox and Opera and partially in IE11 (not tested in
> Edge). I did not test Safari, but I guess like other modern browsers it
> should work.
> For those (very few I guess) interested by IE11 (for Edge test yourself and
> report please), here is the solution
>
> [https://stackoverflow.com/questions/12643960/internet-explorer-10-is-ignoring-xmlhttprequest-xhr-withcredentials-true]
>
> [https://web.archive.org/web/20130308142134/http://msdn.microsoft.com/en-us/library/ms537343%28v=vs.85%29.aspx]
>
> [https://blogs.msdn.microsoft.com/ieinternals/2013/09/17/a-quick-look-at-p3p/]
> TODO (maybe) in the future, use the new Fetch API (not available yet):
> [https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API]
>
> Here is a complement about the way it's architectured:
> # A change to cookies was introduced with OFBIZ-4959. Actually it was not
> really a bug rather a clean-up. The autoLogin cookies were only used by the
> ecommerce component and maybe webpos. But all applications were creating such
> cookies with a one year duration. They were useless until I needed them for
> the feature of this Jira issue. But even if they were safe (httponly) then I
> needed them to be clean, not a one year duration (to be as safe as possible,
> temporary cookies are better). So after doing it crudely, [inspired by
> Taher's suggestion|[https://s.apache.org/qLGC]] I introduced the
> keep-autologin-cookie attribute in ofbiz-component.xml. It's used to
> remove not kept cookies when login in or out. So those cookies are only kept
[jira] [Comment Edited] (OFBIZ-10444) Investigate how to possibly use CSS Grid Layout
[
https://issues.apache.org/jira/browse/OFBIZ-10444?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16608764#comment-16608764
]
Jacques Le Roux edited comment on OFBIZ-10444 at 9/10/18 6:09 AM:
--
Win7 with IE11 can only partially use it:
https://caniuse.com/#search=css%20grid%20layout
Opera Mini can't use it at all
was (Author: jacques.le.roux):
Win7 with IE11 can only partially use it:
https://caniuse.com/#search=css%20grid%20layout
> Investigate how to possibly use CSS Grid Layout
> ---
>
> Key: OFBIZ-10444
> URL: https://issues.apache.org/jira/browse/OFBIZ-10444
> Project: OFBiz
> Issue Type: New Feature
> Components: ALL APPLICATIONS
>Affects Versions: Trunk
>Reporter: Jacques Le Roux
>Priority: Major
> Fix For: Upcoming Branch
>
>
> After reading [https://alistapart.com/article/cult-of-the-complex], I
> suggested [here|https://markmail.org/message/lz2i4qtdr7yqu3gj] we could
> consider using CSS Grid Layout everywhere in OFBiz instead of js frameworks,
> including
> [Bootstrap|https://www.google.fr/search?q=compare+Bootstrap+to+%22CSS+Grid+Layout%22=UTF-8].
> Quoting myself:
> {quote}Depending the less possible on frameworks seems a good idea to me, and
> the "CSS Grid Layout" seems simple enough to be a viable replacement.
>
> Who knows when Bootstrap will be out of date...
> {quote}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Comment Edited] (OFBIZ-10444) Investigate how to possibly use CSS Grid Layout
[
https://issues.apache.org/jira/browse/OFBIZ-10444?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16608764#comment-16608764
]
Jacques Le Roux edited comment on OFBIZ-10444 at 9/10/18 6:08 AM:
--
Win7 with IE11 can only partially use it:
https://caniuse.com/#search=css%20grid%20layout
was (Author: jacques.le.roux):
Win7 with IE11 can't use it: https://caniuse.com/#search=css%20grid%20layout
> Investigate how to possibly use CSS Grid Layout
> ---
>
> Key: OFBIZ-10444
> URL: https://issues.apache.org/jira/browse/OFBIZ-10444
> Project: OFBiz
> Issue Type: New Feature
> Components: ALL APPLICATIONS
>Affects Versions: Trunk
>Reporter: Jacques Le Roux
>Priority: Major
> Fix For: Upcoming Branch
>
>
> After reading [https://alistapart.com/article/cult-of-the-complex], I
> suggested [here|https://markmail.org/message/lz2i4qtdr7yqu3gj] we could
> consider using CSS Grid Layout everywhere in OFBiz instead of js frameworks,
> including
> [Bootstrap|https://www.google.fr/search?q=compare+Bootstrap+to+%22CSS+Grid+Layout%22=UTF-8].
> Quoting myself:
> {quote}Depending the less possible on frameworks seems a good idea to me, and
> the "CSS Grid Layout" seems simple enough to be a viable replacement.
>
> Who knows when Bootstrap will be out of date...
> {quote}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Commented] (OFBIZ-10444) Investigate how to possibly use CSS Grid Layout
[
https://issues.apache.org/jira/browse/OFBIZ-10444?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16608764#comment-16608764
]
Jacques Le Roux commented on OFBIZ-10444:
-
Win7 with IE11 can't use it: https://caniuse.com/#search=css%20grid%20layout
> Investigate how to possibly use CSS Grid Layout
> ---
>
> Key: OFBIZ-10444
> URL: https://issues.apache.org/jira/browse/OFBIZ-10444
> Project: OFBiz
> Issue Type: New Feature
> Components: ALL APPLICATIONS
>Affects Versions: Trunk
>Reporter: Jacques Le Roux
>Priority: Major
> Fix For: Upcoming Branch
>
>
> After reading [https://alistapart.com/article/cult-of-the-complex], I
> suggested [here|https://markmail.org/message/lz2i4qtdr7yqu3gj] we could
> consider using CSS Grid Layout everywhere in OFBiz instead of js frameworks,
> including
> [Bootstrap|https://www.google.fr/search?q=compare+Bootstrap+to+%22CSS+Grid+Layout%22=UTF-8].
> Quoting myself:
> {quote}Depending the less possible on frameworks seems a good idea to me, and
> the "CSS Grid Layout" seems simple enough to be a viable replacement.
>
> Who knows when Bootstrap will be out of date...
> {quote}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
