Window Toolbar attached processes are doesn't validate role access

Description

Hi, we have tested 7.1 and found toolbar attached processes don't validate role access.

suggested behaviour: processed attached to the toolbar must consider logged in user role access definition.

Environment

tested 3.1 & 7.1

Activity

Show:
Norbert Bede
September 16, 2020, 11:41 AM
Nicolas Micoud
September 16, 2020, 11:46 AM

Hi,
my2cents : should have been fixed via https://idempiere.atlassian.net/browse/IDEMPIERE-2275

Norbert Bede
September 16, 2020, 11:47 AM

can’t be - it was reproduced in 7.1z - preparing PR.

Igor Pojzl
September 16, 2020, 12:54 PM

Created PR, added Role check on ToolbarButtons added from Columns. (AD_Column, Type:Button, IsToolbarButton = 'Y')

Carlos Ruiz
September 20, 2020, 12:31 PM

Test case reproducible in vanilla GardenWorld:

  • Role=GardenWorld User

  • Window=View Allocation

  • Button=Reset Allocation Direct

  • Executing the button throws -> You cannot access process [Reset Allocation Direct] with your role : GardenWorld User

Assignee

Carlos Ruiz

Reporter

Norbert Bede

Labels

None

Tested By

None

Components

Priority

Major
Configure