Apply role permissions when browsing/editing data #341

Closed
teosarca opened this issue May 4, 2017 · 5 comments

teosarca commented May 4, 2017

Is this a bug or feature request?

Bug

What is the current behavior?

When browsing or editing documents or views the role permissions are not applied at all.
So basically, you can view, edit, delete system records as a regular user.

Which are the steps to reproduce?

Login with non-System role:

  1. browse AD_Elements which shall be visible only for SysAdm: https://w101.metasfresh.com:8443/window/151
    => shall not be allowed

  2. browse currencies: https://w101.metasfresh.com:8443/window/115
    => shall be visible
    • select one => shall be readonly if Client=System

Login with System role:

  • steps above shall work

NOTE to IT:

  • pls come up with more tests
  • full regression on Swing and Webui is needed :(
teosarca added this to the 2017-19 milestone May 4, 2017
teosarca added a commit that referenced this issue May 4, 2017
teosarca added a commit that referenced this issue May 4, 2017
teosarca added a commit to metasfresh/metasfresh that referenced this issue May 4, 2017
teosarca added a commit to metasfresh/metasfresh that referenced this issue May 4, 2017
teosarca added a commit to metasfresh/metasfresh that referenced this issue May 5, 2017
the only reason we add this empty tab is because we want this
"placeholder" window to be discovered by role access update process.

metasfresh/metasfresh-webui-api-legacy#341
teosarca added a commit that referenced this issue May 5, 2017

teosarca commented May 5, 2017

fixed: the manufacturing order -> Issue / Receipt could not be opened.

metas-ts added a commit to metasfresh/metasfresh that referenced this issue May 5, 2017
[#702](metasfresh/metasfresh-webui-frontend-legacy#702) Running a process from menu does not work, again
[#342](metasfresh/metasfresh-webui-api-legacy#342) Exception in WebUI when opening initial Doc Outbound window
[#886](#866) Make payment callouts work in webui
[#341](metasfresh/metasfresh-webui-api-legacy#341) Apply role permissions when browsing/editing data
[#340](metasfresh/metasfresh-webui-api-legacy#340) Manufacturing order: Prevent issuing VHUs which are not top level
[#700](metasfresh/metasfresh-webui-frontend-legacy#700) Typeahead not working in lookup filter parameters
[#1435](#1435) Add method for Escaping '@' char, by replacing one @ with double @@
[#330](metasfresh/metasfresh-webui-api-legacy#330) Implement webui HUEditor support for massive amount of HUs
[#1315](#1315) 2D Barcode wit ad_table_id/ record_id on bestellkontrolle
[#675](metasfresh/metasfresh-webui-frontend-legacy#675) Icons for manufacturing components
[#334](metasfresh/metasfresh-webui-api-legacy#334) switch filters to primary layout
[#697](metasfresh/metasfresh-webui-frontend-legacy#697) New Businesspartner modal overlay cancel
[#257](metasfresh/metasfresh-webui-api-legacy#257) BPartner contact cannot be saved because mandatory field Name is not set

me-45
metas-dh self-assigned this May 5, 2017

metas-dh commented May 8, 2017

Results of IT1
tested on w101 et al., WebUI & Swing

repeated testcases above:

Swing:

  • I noticed the same role for different Orgs had access to a different number of windows etc. (e.g. Handel): could this be caused by this task? (see testing chat for details)


teosarca commented May 9, 2017

minor fix to enforce window access when the frontend acquires the window layouts

metas-mk modified the milestones: 2017-22, 2017-19 May 31, 2017
metas-lc self-assigned this Jun 22, 2017

metas-lc commented Jun 23, 2017

IT

  • testcases above work fine (element and currency)

  • swing:

    • log in with other role than admin, org 2
      => you can see only docs for org 2 OK
      => you can create docs only for org 2 OK

    • log in with admin, org 2
      => you can see docs for org 1 and org 2 OK??
      => you can create docs for org 1 and org 2 OK??
      admin role and different orgs metasfresh#1881

    • log in with admin, org 1 (main org)
      => you can see docs for org 1 and 2 OK
      => you can create docs for org 1 and org 2 OK

  • webui

    • log in with other role than admin, org 2
      => you can see only docs for org 2 OK
      (cannot open in doc view some sales orders for org 2 - one I created today. role permission. but I see it in gridview OK??)
      role acces error in sales order on document view #473
      => you can create docs for org 2 OK

    • log in with admin, org 2
      => there isn't this option OK??

  • swing and webui: check which windows you should have access and which not, then see if you can open them
    => if a window is readonly for a role then you can't edit it. For other roles works like before OK
    => if you don't have permission for window A then you won't even see it in menu. Trying to access it directly with link will throw access error OK
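
The checks exercised by the test cases in this thread (window access on direct links and layout requests, read-only system records, per-org visibility), modelled as an added example that is not metasfresh code. The `Role` model, function names, client/org ids and window id 9001 are assumptions; 151 and 115 are the window ids from the issue.

```python
from dataclasses import dataclass

SYSTEM_CLIENT = 0  # assumption: client id that owns system records

class AccessDenied(Exception):
    pass

@dataclass
class Role:  # hypothetical model, not the project's role class
    name: str
    client_id: int
    org_ids: frozenset   # orgs whose documents the role may see and create
    windows: dict        # window id -> "rw" or "ro"; missing key = no access

def require_window(role, window_id):
    """Single server-side gate, called by every endpoint that takes a window id."""
    mode = role.windows.get(window_id)
    if mode is None:
        raise AccessDenied(f"role {role.name} has no access to window {window_id}")
    return mode

def menu(role, window_ids):
    # Hiding menu entries is presentation only; require_window() is the control.
    return [w for w in window_ids if w in role.windows]

def get_layout(role, window_id):
    require_window(role, window_id)  # layouts are gated too, not only data
    return {"windowId": window_id}

def browse(role, window_id, records):
    require_window(role, window_id)
    return [r for r in records
            if r["client"] == SYSTEM_CLIENT
            or (r["client"] == role.client_id and r["org"] in role.org_ids)]

def can_edit(role, window_id, record):
    if require_window(role, window_id) != "rw":
        return False  # window is read-only for this role
    if record["client"] == SYSTEM_CLIENT:
        return role.client_id == SYSTEM_CLIENT  # system records read-only for others
    return record["client"] == role.client_id and record["org"] in role.org_ids

# Constructed sample data (ids other than 151 and 115 are made up).
SYSADMIN = Role("SysAdm", SYSTEM_CLIENT, frozenset({0}), {151: "rw", 115: "rw"})
ADMIN = Role("admin", 1000, frozenset({1, 2}), {115: "rw", 9001: "rw"})
USER = Role("user-org2", 1000, frozenset({2}), {115: "rw", 9001: "ro"})
CURRENCIES = [{"id": "EUR", "client": SYSTEM_CLIENT, "org": 0}]
ORDERS = [{"id": "SO-1", "client": 1000, "org": 1},
          {"id": "SO-2", "client": 1000, "org": 2}]
```
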


metasnw commented Jun 26, 2017

@metas-lc if role admin has access to all orgs your cases seem fine to me
