ProtectedViews aren't limiting by user login, just view name
------------------------------------------------------------

                 Key: OFBIZ-2466
                 URL: https://issues.apache.org/jira/browse/OFBIZ-2466
             Project: OFBiz
          Issue Type: Bug
          Components: framework
    Affects Versions: Release Branch 9.04, SVN trunk
         Environment: N/A
            Reporter: Ray Barlow
             Fix For: SVN trunk
         Attachments: ProtectedViews.patch

The initial lookup is filtered to login and view but once that restriction is found the next stage stores the hit in the xxxxAccessed variables only using the view name.

This effectively causes any user logins with the same role/restrictions to be tar pitted for all logins rather than just the individual login that triggered the failure. Basically as soon as user A gets locked out for too much usage user B gets locked out as well.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[ https://issues.apache.org/jira/browse/OFBIZ-2466?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ray Barlow updated OFBIZ-2466:
------------------------------

    Attachment: ProtectedViews.patch

> ProtectedViews aren't limiting by user login, just view name
> ------------------------------------------------------------
>
>                 Key: OFBIZ-2466
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-2466
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>    Affects Versions: Release Branch 9.04, SVN trunk
>         Environment: N/A
>            Reporter: Ray Barlow
>             Fix For: SVN trunk
>
>         Attachments: ProtectedViews.patch
>
>
> The initial lookup is filtered to login and view but once that restriction is found the next stage stores the hit in the xxxxAccessed variables only using the view name.
> This effectively causes any user logins with the same role/restrictions to be tar pitted for all logins rather than just the individual login that triggered the failure. Basically as soon as user A gets locked out for too much usage user B gets locked out as well.

[ https://issues.apache.org/jira/browse/OFBIZ-2466?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux closed OFBIZ-2466.
----------------------------------

       Resolution: Fixed
    Fix Version/s: Release Branch 9.04
         Assignee: Ray Barlow

Indeed! Thanks for your patch Ray, it's committed in trunk at r774014 and R9.04 r774086.

> ProtectedViews aren't limiting by user login, just view name
> ------------------------------------------------------------
>
>                 Key: OFBIZ-2466
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-2466
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>    Affects Versions: Release Branch 9.04, SVN trunk
>         Environment: N/A
>            Reporter: Ray Barlow
>            Assignee: Ray Barlow
>             Fix For: Release Branch 9.04, SVN trunk
>
>         Attachments: ProtectedViews.patch
>
>
> The initial lookup is filtered to login and view but once that restriction is found the next stage stores the hit in the xxxxAccessed variables only using the view name.
> This effectively causes any user logins with the same role/restrictions to be tar pitted for all logins rather than just the individual login that triggered the failure. Basically as soon as user A gets locked out for too much usage user B gets locked out as well.
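
The keying problem described in this issue, as an added example that is not part of the thread and not OFBiz code: a hit limiter whose counter map is keyed by view name alone, beside the same limiter keyed by login plus view. The class name, method names, limits and the `userA`/`userB`/`ReportView` values are all hypothetical and constructed for illustration.

```java
import java.util.HashMap;
import java.util.Map;

// Hypothetical sketch of a per-view hit limiter; names are illustrative, not OFBiz's.
public class ProtectedViewDemo {
    static final int MAX_HITS = 3;          // constructed limit: hits allowed per window
    static final long WINDOW_MS = 60_000;   // constructed counting window
    static final long TARPIT_MS = 300_000;  // constructed lock-out duration

    static final class Counter { long windowStart; int hits; long blockedUntil; }

    private final Map<String, Counter> accessed = new HashMap<>();
    private final boolean keyByLogin;

    ProtectedViewDemo(boolean keyByLogin) { this.keyByLogin = keyByLogin; }

    // Reported behaviour: the key is the view name alone, so every login shares one counter.
    // Corrected behaviour: the user login is part of the key, so counters are per login.
    private String key(String userLoginId, String viewName) {
        return keyByLogin ? userLoginId + "|" + viewName : viewName;
    }

    /** Returns true if the request may proceed, false if this key is tar pitted. */
    synchronized boolean allow(String userLoginId, String viewName, long now) {
        Counter c = accessed.computeIfAbsent(key(userLoginId, viewName), k -> new Counter());
        if (now < c.blockedUntil) return false;                 // still locked out
        if (now - c.windowStart >= WINDOW_MS) {                 // start a new counting window
            c.windowStart = now;
            c.hits = 0;
        }
        if (++c.hits > MAX_HITS) {                              // over the limit: lock the key
            c.blockedUntil = now + TARPIT_MS;
            return false;
        }
        return true;
    }

    public static void main(String[] args) {
        for (boolean fixed : new boolean[] {false, true}) {
            ProtectedViewDemo limiter = new ProtectedViewDemo(fixed);
            long t = 1_000;
            // User A exceeds the limit on the protected view.
            for (int i = 0; i <= MAX_HITS; i++) limiter.allow("userA", "ReportView", t + i);
            // User B makes a first request moments later, then user A tries again.
            boolean bAllowed = limiter.allow("userB", "ReportView", t + 100);
            boolean aAllowed = limiter.allow("userA", "ReportView", t + 101);
            System.out.printf("%s key: userA allowed=%b, userB allowed=%b%n",
                    fixed ? "login+view" : "view-only", aAllowed, bAllowed);
        }
    }
}
```

With the view-only key, user B's first request is refused because user A's lock-out sits on the shared counter; with the login+view key only user A stays locked out.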