[jira] [Commented] (OFBIZ-10577) New Feature: Inventory Cycle Count

2020-01-08 Thread Yashwant Dhakad (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-10577?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17010797#comment-17010797
 ] 

Yashwant Dhakad commented on OFBIZ-10577:
-

Sure, Pierre, I will update this field, and at the end of this week I will add 
a patch for this new feature.

> New Feature: Inventory Cycle Count
> --
>
> Key: OFBIZ-10577
> URL: https://issues.apache.org/jira/browse/OFBIZ-10577
> Project: OFBiz
>  Issue Type: New Feature
>  Components: hhfacility
>Affects Versions: Trunk
>Reporter: Yashwant Dhakad
>Assignee: Yashwant Dhakad
>Priority: Major
> Attachments: OFBIZ-10577-Database-Changes.patch
>
>
> *Here are the design notes for cycle count workflow:*
> *Find Session Screen:* In this screen, we will show all the sessions created 
> in the system with respect to the facility, locations, inventory count item, 
> current status, and created date. We have a search field to filter the 
> records on the basis of the facility, status.
> *Find Pending Locations:* In this screen, we have a table listing all the 
> pending locations whose countings are pending and we can create a session for 
> them. All details regarding the pending locations are listed here with the 
> location, next count date, last count date and days extended for the count, 
> total inventory item and product for this location. We have facets for 
> filtering the records on the basis of the facility, not scanned since and 
> scheduled for next scan. Also, we have a global search at the top of the 
> screen. In Pending Locations screen, we have a Create Session button. To 
> create a session we can either select one or more records from the below list 
> or create a new session by yourself.
> In Create Session screen, the basic overview is shown in the "Overview" 
> section and the items are listed in the "Items" section. We can create a new 
> line item by clicking on the 'Add' button and we can also update the item 
> quantity. After completing this, we can proceed with this session and mark it 
> with 'Pending for Review' status from the 'Status' button at the top of the 
> screen or we can simply 'Reject'. 'Reject' status button is available at the 
> top of the screen.
> *Find Review Screen:* In this screen, we have a table listing all the 
> locations pending for the review. All the details regarding the review 
> sessions are listed with the facility, locations and counted inventory item. 
> We have facets for filtering records on the basis of the facility. By 
> clicking any session we can go to its detail screen, where basic details 
> regarding this session are listed in the 'Overview' section and items are 
> listed in the 'Items' section. We can select any number of rows and mark them 
> as 'Accept' or 'Reject'. When these items are marked as 'Accepted' then the 
> variance is created and these are added in the Count Progress report. Only 
> authorized persons can accept or reject the sessions and once the session is 
> accepted it is marked as 'Completed'.
> *Count Progress Report:* In this screen, User can view the advanced counting 
> related analytics with respect to all the 'Completed' status session from 
> Reports Screen. We can filter the records on the basis of the facility and 
> within the date range. We can also see the percentage of the total locations, 
> inventory items counted and errors occurred during the process. Item variance 
> details are listed in the below section in tabular form.
> Following changes to the existing data model to support end to end counting 
> process flow:
> *New entities:*
> *InventoryCount*
>    inventoryCountId
>    uploadedByUserLogin
>    facilityId
>    statusId
>    createdDatetime
>  *InventoryCountItem*
>    inventoryCountId
>    inventoryCountItemSeqId
>    inventoryItemId
>    itemStatusId
>    locationSeqId
>    productId
>    productIdentifier
>    quantity
>  *InventoryCountVariance* 
>    inventoryCountId
>    inventoryCountItemSeqId
>    inventoryItemId
>    productId
>    productIdentifier
>    locationSeqId
>    systemQuantityOnHand
>    actualQuantityOnHand
>    varianceQuantityOnHand
>    totalCost
>    actualCost
>    costVariance
>    actualValue
>    totalValue
>    valueVariance
>    unitCost
>  *Extended entity:*
>  *FacilityLocation*
>    locked
>    lastCountDate
>    nextCountDate
> We will prevent the following inbound and outbound transactions within the 
> application if the location is locked for counting:
>  Inventory Transfer 
>  Issuance against Sales Order 
>  Sales Return receiving 
>  Inventory receive 
>  Issuance and return inventory in manufacturing Job
>  Kit breakup 
>  Update Location 
>  Physical Variance creation
> The locked locations won’t have any bearing on the transactions that are 
> affecting the only ATP of parts 

[jira] [Commented] (OFBIZ-10577) New Feature: Inventory Cycle Count

2020-01-08 Thread Pierre Smits (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-10577?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17010705#comment-17010705
 ] 

Pierre Smits commented on OFBIZ-10577:
--

In your suggestion for the InventoryCount entity you're stating 
*uploadedByUserLogin*. I suggest you stick to the standard fields for capturing 
who created and updated the records and when this happened.


[jira] [Updated] (OFBIZ-10577) New Feature: Inventory Cycle Count

2020-01-08 Thread Yashwant Dhakad (Jira)


 [ 
https://issues.apache.org/jira/browse/OFBIZ-10577?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yashwant Dhakad updated OFBIZ-10577:

Description: 
*Here are the design notes for cycle count workflow:*

*Find Session Screen:* In this screen, we will show all the sessions created in 
the system with respect to the facility, locations, inventory count item, 
current status, and created date. We have a search field to filter the records 
on the basis of the facility, status.

*Find Pending Locations:* In this screen, we have a table listing all the 
pending locations whose countings are pending and we can create a session for 
them. All details regarding the pending locations are listed here with the 
location, next count date, last count date and days extended for the count, 
total inventory item and product for this location. We have facets for 
filtering the records on the basis of the facility, not scanned since and 
scheduled for next scan. Also, we have a global search at the top of the 
screen. In Pending Locations screen, we have a Create Session button. To create 
a session we can either select one or more records from the below list or 
create a new session by yourself.

In Create Session screen, the basic overview is shown in the "Overview" section 
and the items are listed in the "Items" section. We can create a new line item 
by clicking on the 'Add' button and we can also update the item quantity. After 
completing this, we can proceed with this session and mark it with 'Pending for 
Review' status from the 'Status' button at the top of the screen or we can 
simply 'Reject'. 'Reject' status button is available at the top of the screen.

*Find Review Screen:* In this screen, we have a table listing all the locations 
pending for the review. All the details regarding the review sessions are 
listed with the facility, locations and counted inventory item. We have facets 
for filtering records on the basis of the facility. By clicking any session we 
can go to its detail screen, where basic details regarding this session are 
listed in the 'Overview' section and items are listed in the 'Items' section. 
We can select any number of rows and mark them as 'Accept' or 'Reject'. When 
these items are marked as 'Accepted' then the variance is created and these are 
added in the Count Progress report. Only authorized persons can accept or 
reject the sessions and once the session is accepted it is marked as 
'Completed'.

*Count Progress Report:* In this screen, User can view the advanced counting 
related analytics with respect to all the 'Completed' status session from 
Reports Screen. We can filter the records on the basis of the facility and 
within the date range. We can also see the percentage of the total locations, 
inventory items counted and errors occurred during the process. Item variance 
details are listed in the below section in tabular form.

Following changes to the existing data model to support end to end counting 
process flow:

*New entities:*

*InventoryCount*
   inventoryCountId
   uploadedByUserLogin
   facilityId
   statusId
   createdDatetime
 *InventoryCountItem*
   inventoryCountId
   inventoryCountItemSeqId
   inventoryItemId
   itemStatusId
   locationSeqId
   productId
   productIdentifier
   quantity
 *InventoryCountVariance* 
   inventoryCountId
   inventoryCountItemSeqId
   inventoryItemId
   productId
   productIdentifier
   locationSeqId
   systemQuantityOnHand
   actualQuantityOnHand
   varianceQuantityOnHand
   totalCost
   actualCost
   costVariance
   actualValue
   totalValue
   valueVariance
   unitCost
 *Extended entity:*
 *FacilityLocation*
   locked
   lastCountDate
   nextCountDate

We will prevent the following inbound and outbound transactions within the 
application if the location is locked for counting:
 Inventory Transfer 
 Issuance against Sales Order 
 Sales Return receiving 
 Inventory receive 
 Issuance and return inventory in manufacturing Job
 Kit breakup 
 Update Location 
 Physical Variance creation

The locked locations won’t have any bearing on the transactions that are 
affecting the only ATP of parts i.e. Reserving component for Jobs/Sales Orders 
etc. as they don’t affect QOH in any way.

  was:
*Here are the design notes for cycle count workflow:*

*Find Session Screen:* In this screen, we will show all the sessions created in 
the system with respect to the facility, locations, inventory count item, 
current status, and created date. We have a search field to filter the records 
on the basis of the facility, status.

*Find Pending Locations:* In this screen, we have a table listing all the 
pending locations whose countings are pending and we can create a session for 
them. All details regarding the pending locations are listed here with the 
location, next count date, last count date and days extended for the count, 
total inventory item and product for this 

[jira] [Commented] (OFBIZ-11306) POC for CSRF Token

2020-01-08 Thread Jacques Le Roux (Jira)


[ 
https://issues.apache.org/jira/browse/OFBIZ-11306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17010581#comment-17010581
 ] 

Jacques Le Roux commented on OFBIZ-11306:
-

Another point I wanted to discuss with you is about "csrf tokens as URL 
parameters".

If I refer to [OWASP Disclosure of Token in 
URL|https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#disclosure-of-token-in-url]
 it's not recommended. It's not even needed for "embedded links in the page" or 
"other general design patterns" (for us pagination, or in js trees, for 
instance) which I believe are most of the cases where we use them.

It's really a bad thing if you use a unique per-session token, which is not 
our case, one worry less.

In OFBiz some post calls are actually nothing more than get calls, like
{code:html}
https://localhost:8443/catalog/control/EditProdCatalog?csrfToken=V3TVvfsQVoM8;
 style="margin: 0;" name="EditProdCatalogForm">
  

  Edit Catalog with Catalog ID:
  


  


  OR:
  https://localhost:8443/catalog/control/EditProdCatalog?csrfToken=V3TVvfsQVoM8;
 class="buttontext">Create New Catalog

  

{code}
There again there is no possible harm, since nothing can be changed with this 
link.

But there are cases which should not be, like

{code:html}


  
  
  
Catalog ID  
  

[...]
{code}

So we need to remove csrfTokens from cases like this one. Anyway, I need to now 
review the Java code. I'll get back to you then.

Thanks for your very good start!



> POC for CSRF Token
> --
>
> Key: OFBIZ-11306
> URL: https://issues.apache.org/jira/browse/OFBIZ-11306
> Project: OFBiz
>  Issue Type: Improvement
>  Components: ALL APPLICATIONS
>Affects Versions: Upcoming Branch
>Reporter: James Yong
>Assignee: Jacques Le Roux
>Priority: Minor
>  Labels: CSRF
> Fix For: Upcoming Branch
>
> Attachments: OFBIZ-11306-v2.patch, OFBIZ-11306.patch, 
> OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, 
> OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, OFBIZ-11306.patch, 
> OFBIZ-11306.patch, OFBIZ-11306_Plugins.patch, OFBIZ-11306_Plugins.patch, 
> OFBIZ-11306_Plugins.patch
>
>
> CSRF tokens are generated using CSRF Guard library and used in:
> 1) In widget form where a hidden token field is auto-generated.
> 2) In FTL form where a <@csrfTokenField> macro is used to generate the csrf 
> token field. 
> 3) In Ajax call where a <@csrfTokenAjax> macro is used to assign csrf token 
> to X-CSRF-Token in request header. 
> CSRF tokens are stored in the user sessions, and verified during POST request.
> A new attribute i.e. csrf-token is added to the security tag to exempt CSRF 
> token check.
> Certain request paths, like LookupPartyName, can be exempt from CSRF token 
> check during Ajax POST call. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
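
An added example, not part of the thread or of the OFBiz patch: a small audit that parses rendered HTML and reports every link or form action that carries the token as a URL parameter, which is the placement the OFBIZ-11306 comment above wants removed. The sample markup is constructed from the URL quoted in that comment, and the hidden-field name csrfToken is an assumption.

```python
"""Audit rendered HTML for CSRF tokens carried in URLs (added example)."""
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

TOKEN_PARAM = "csrfToken"                    # parameter name seen in the quoted URLs
URL_ATTRS = {"a": "href", "form": "action"}  # attributes that carry a request URL


def strip_token(url):
    """Return (url_without_token, had_token) so reports never repeat the token."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    kept = [(k, v) for k, v in pairs if k != TOKEN_PARAM]
    return urlunsplit(parts._replace(query=urlencode(kept))), len(kept) != len(pairs)


class TokenInUrlAudit(HTMLParser):
    """Collects one finding per <a href> or <form action> that has the token in its URL."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        if attr is None:
            return
        attrs = dict(attrs)
        clean, had_token = strip_token(attrs.get(attr) or "")
        if had_token:
            # Links are always GET; a form defaults to GET when method is absent.
            method = (attrs.get("method") or "get").lower() if tag == "form" else "get"
            self.findings.append(
                {"line": self.getpos()[0], "tag": tag, "method": method, "url": clean})


def audit(html):
    parser = TokenInUrlAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample: a link and a form with the token in the URL, and a form
# that carries it in a hidden field instead (field name is an assumption).
SAMPLE = """\
<a href="https://localhost:8443/catalog/control/EditProdCatalog?csrfToken=V3TVvfsQVoM8" class="buttontext">Create New Catalog</a>
<form method="post" action="https://localhost:8443/catalog/control/EditProdCatalog?csrfToken=V3TVvfsQVoM8" name="EditProdCatalogForm">
  <input type="text" name="prodCatalogId"/>
</form>
<form method="post" action="https://localhost:8443/catalog/control/EditProdCatalog" name="HiddenFieldForm">
  <input type="hidden" name="csrfToken" value="V3TVvfsQVoM8"/>
</form>
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The form that sends the token in a hidden field produces no finding; only the two elements whose URL contains the token are reported, with the token value removed from the reported URL.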