Hi all, Recently a bug [1] that prevents a callout execution depending on the role has been found. The problem is this callout is using DAL without doing a proper management of security [2]. In this case the problem arises when you execute the callout with a role without access to Product table, the code tries to instantiate a product but it has not permission to do so. In this case the solution would be to set DAL's admin mode [3] to perform this, since callouts are executed regardless permissions.
Please, ensure whenever you make use of DAL to manage security properly, taking into account that default security prevents reading/writting from tables without explicit access, and in case it is necessary to do so, this must be explicitly specified. [1] https://issues.openbravo.com/view.php?id=12651 [2] http://wiki.openbravo.com/wiki/Projects/Data_Access_Layer/DAL_Developers_Manual#Security_and_Validation [3] http://wiki.openbravo.com/wiki/Projects/Data_Access_Layer/DAL_Developers_Manual#Administrator_Mode ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Openbravo-development mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openbravo-development
