Project

General

Profile

bug #6886

Entity creation for users having only CREATE may fail in long running conversations

Added by Andreas Kohlbecker almost 2 years ago. Updated over 1 year ago.

Status:
Duplicate
Priority:
New
Category:
cdmlib
Target version:
-
Start date:
08/04/2017
Due date:
% Done:

0%

Severity:
normal
Found in Version:
Tags:

Description

I observed the following problems while implementing the ExtendedCreatePermissionManager for #6867

when this sequence is used (snipped from CdmStore.java):


T mergedBean = mergedBean(bean);
repo.getCommonService().save(mergedBean);
session.flush();

the flush causes the bean being saved a second time, since hibernate assumes that the entity is dirty and schedules a save operation. For this save the user would need the UPDATE permission, and the save operation fails.


Related issues

Related to Edit - feature request #4305: newly created entities must stay editable even if a user only has the permission to create them In Progress 08/06/2014
Related to Edit - feature request #6867: explicitely assign and revoke UPDATE & DELETE permission per enitity in the registration workflow Closed 12/21/2017
Related to Edit - bug #6885: UserService.loadUserByUsername() cannot find user in long running session New 08/04/2017
Duplicates Edit - bug #7021: CREATE permission not sufficient to save new TaxonName entity Resolved 10/17/2017

Associated revisions

Revision 3795d1bf (diff)
Added by Andreas Kohlbecker almost 2 years ago

ref #6886 test to repoduce issue with users having only CREATE permission

History

#1 Updated by Andreas Kohlbecker almost 2 years ago

  • Subject changed from entity creation for users havon only CRATE may fail in long running conversations to entity creation for users havon only CREATE may fail in long running conversations

#2 Updated by Andreas Kohlbecker almost 2 years ago

  • Related to feature request #4305: newly created entities must stay editable even if a user only has the permission to create them added

#3 Updated by Andreas Kohlbecker almost 2 years ago

  • Related to feature request #6867: explicitely assign and revoke UPDATE & DELETE permission per enitity in the registration workflow added

#4 Updated by Andreas Müller almost 2 years ago

  • Subject changed from entity creation for users havon only CREATE may fail in long running conversations to Entity creation for users having only CREATE may fail in long running conversations

#5 Updated by Andreas Kohlbecker almost 2 years ago

  • Description updated (diff)

#6 Updated by Andreas Kohlbecker almost 2 years ago

I attempted to write a test to reproduce this issue but had other problems which prevented me from completing this test class.

#7 Updated by Andreas Kohlbecker almost 2 years ago

  • Related to bug #6885: UserService.loadUserByUsername() cannot find user in long running session added

#8 Updated by Andreas Kohlbecker almost 2 years ago

  • Description updated (diff)

#9 Updated by Andreas Kohlbecker over 1 year ago

  • Duplicates bug #7021: CREATE permission not sufficient to save new TaxonName entity added

#10 Updated by Andreas Kohlbecker over 1 year ago

  • Status changed from New to Duplicate
  • Target version deleted (Unassigned CDM tickets)

This is a duplicate of #7021 which meanwhile provides more details.

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 40 MB)