Custom Query (73 matches)
Results (1 - 3 of 73)
| Ticket | Resolution | Summary | Owner | Reporter |
|---|---|---|---|---|
| #105 | fixed | InventoryItemPurchase's can't be deleted when order quantity = 0 | ||
| Description |
The rollback deletion is failing. This is working perfectly when ordered quantity > 0 but fails (and allows the order to be deleted) when order quantity = 0. java.lang.NullPointerException: Cannot get property 'id' on null object at InventoryMovementService$_reverseMove_closure1.doCall(InventoryMovementService.groovy:20) at $Proxy16.doInTransaction(Unknown Source) at InventoryMovementService.reverseMove(InventoryMovementService.groovy:9) at InventoryMovementService$reverseMove.call(Unknown Source) at InventoryPurchaseService$_delete_closure5.doCall(InventoryPurchaseService.groovy:196) at $Proxy16.doInTransaction(Unknown Source) at InventoryPurchaseService.delete(InventoryPurchaseService.groovy:125) at InventoryPurchaseService$delete.call(Unknown Source) at InventoryItemPurchaseDetailedController$_closure5.doCall(InventoryItemPurchaseDetailedController.groovy:198) |
|||
| #98 | fixed | Annotation based security is easy to bypass by adding ".html' to the URL | ||
| Description |
Upstream security issue, see: http://jira.grails.org/browse/GPACEGI-41 Recommended fix is to set Config.groovy: grails.mime.file.extensions = false This did not leave gnuMims completely open to the world since gnuMims was configured with pessimistic security. However a logged in user may access urls that they are not authorised to. |
|||
| #97 | fixed | Drop the entire Manufacturer domain concept | ||
| Description |
Following on from ticket #96, the entire Manufacturer domain class is hardly used and can be removed. |
|||
Note: See TracQuery
for help on using queries.
