bug #6886
closed
Entity creation for users having only CREATE may fail in long running conversations
Added by Andreas Kohlbecker over 6 years ago.
Updated over 6 years ago.
Description
I observed the following problems while implementing the ExtendedCreatePermissionManager for #6867
when this sequence is used (snipped from CdmStore.java):
T mergedBean = mergedBean(bean);
repo.getCommonService().save(mergedBean);
session.flush();
the flush causes the bean being saved a second time, since hibernate assumes that the entity is dirty and schedules a save operation. For this save the user would need the UPDATE permission, and the save operation fails.
- Subject changed from entity creation for users havon only CRATE may fail in long running conversations to entity creation for users havon only CREATE may fail in long running conversations
- Related to feature request #4305: newly created entities must stay editable even if a user only has the permission to create them added
- Related to feature request #6867: explicitely assign and revoke UPDATE & DELETE permission per enitity in the registration workflow added
- Subject changed from entity creation for users havon only CREATE may fail in long running conversations to Entity creation for users having only CREATE may fail in long running conversations
- Description updated (diff)
I attempted to write a test to reproduce this issue but had other problems which prevented me from completing this test class.
- Related to bug #6885: UserService.loadUserByUsername() cannot find user in long running session added
- Description updated (diff)
- Is duplicate of bug #7021: CREATE permission not sufficient to save new TaxonName entity added
- Status changed from New to Duplicate
- Target version deleted (
Unassigned CDM tickets)
This is a duplicate of #7021 which meanwhile provides more details.
Also available in: Atom
PDF