Project

General

Profile

bug #7541

Insufficient rights lead to corrupted UI handling

Added by Patrick Plitzner 7 months ago. Updated 3 months ago.

Status:
In Progress
Priority:
New
Assignee:
Category:
taxeditor
Target version:
Start date:
07/10/2018
Due date:
% Done:

40%

Severity:
major
Found in Version:
Tags:

Description

WGB:

wir haben angefangen die Iresines einzugeben. Auf Sophias Rechner traten dabei merkwürdige Fehler auf, und zwar konnte sie den Cursor im NameEditor nicht setzen – das Fenster bekam zwar den Fokus (es wurden Details der letzten Auswahl angezeigt), aber nicht für Eingaben, der blieb auf dem Search bzw. Navigator stehen. Durch hin-und herschalten zwischen den Fenstern bekam man den Cursor dann irgendwann hin. Aber nach Ändern eines Eintrags und Safe gab’s den u.a. Fehler.

Das mit dem Cursor lag eventuell daran, dass die Rechte nicht stimmten. ...


WGB:

das mit dem fehlenden Fokus im NameEditor tritt häufiger auf – nach einiger Zeit kann man Einträge nicht mehr auswählen.


login : s.wutke

editor version : 5.1.2

server : api.cybertaxonomy.org (cybertaxonomy.org) / caryophyllales_spp

schema version : 5.0.0.0.20180514

os : Windows 7 6.1 amd64

java : 1.8.0_161

org.eclipse.e4.core.di.InjectionException: org.springframework.orm.hibernate5.HibernateSystemException: [UPDATE] not permitted for 's.wutke' on Reference[uuid:5afae854-cd2b-43ed-99b3-073345adc904', toString:'Reference [type=Article, id= 20358, uuid=5afae854-cd2b-43ed-99b3-073345adc904]']; nested exception is eu.etaxonomy.cdm.database.PermissionDeniedException: [UPDATE] not permitted for 's.wutke' on Reference[uuid:5afae854-cd2b-43ed-99b3-073345adc904', toString:'Reference [type=Article, id= 20358, uuid=5afae854-cd2b-43ed-99b3-073345adc904]']

                at org.eclipse.e4.core.internal.di.MethodRequestor.execute(MethodRequestor.java:65)

                at org.eclipse.e4.core.internal.di.InjectorImpl.invokeUsingClass(InjectorImpl.java:282)

                at org.eclipse.e4.core.internal.di.InjectorImpl.invoke(InjectorImpl.java:247)

                at org.eclipse.e4.core.contexts.ContextInjectionFactory.invoke(ContextInjectionFactory.java:90)

                at org.eclipse.e4.ui.internal.workbench.PartServiceSaveHandler.save(PartServiceSaveHandler.java:57)

                at org.eclipse.ui.internal.WorkbenchWindow$7.save(WorkbenchWindow.java:594)

                at org.eclipse.e4.ui.internal.workbench.PartServiceImpl.savePart(PartServiceImpl.java:1390)

                at org.eclipse.e4.ui.workbench.renderers.swt.StackRenderer.closePart(StackRenderer.java:1295)

                at org.eclipse.e4.ui.workbench.renderers.swt.StackRenderer.access$2(StackRenderer.java:1278)

                at org.eclipse.e4.ui.workbench.renderers.swt.StackRenderer$7.close(StackRenderer.java:1163)

                at org.eclipse.swt.custom.CTabFolder.onMouse(CTabFolder.java:1930)

                at org.eclipse.swt.custom.CTabFolder$1.handleEvent(CTabFolder.java:338)

                at org.eclipse.swt.widgets.EventTable.sendEvent(EventTable.java:84)

                at org.eclipse.swt.widgets.Display.sendEvent(Display.java:4418)

                at org.eclipse.swt.widgets.Widget.sendEvent(Widget.java:1079)

                at org.eclipse.swt.widgets.Display.runDeferredEvents(Display.java:4236)

                at org.eclipse.swt.widgets.Display.readAndDispatch(Display.java:3824)

                at org.eclipse.e4.ui.internal.workbench.swt.PartRenderingEngine$4.run(PartRenderingEngine.java:1121)

                at org.eclipse.core.databinding.observable.Realm.runWithDefault(Realm.java:336)

                at org.eclipse.e4.ui.internal.workbench.swt.PartRenderingEngine.run(PartRenderingEngine.java:1022)

                at org.eclipse.e4.ui.internal.workbench.E4Workbench.createAndRunUI(E4Workbench.java:150)

                at org.eclipse.ui.internal.Workbench$5.run(Workbench.java:693)

                at org.eclipse.core.databinding.observable.Realm.runWithDefault(Realm.java:336)

                at org.eclipse.ui.internal.Workbench.createAndRunWorkbench(Workbench.java:610)

                at org.eclipse.ui.PlatformUI.createAndRunWorkbench(PlatformUI.java:148)

                at eu.etaxonomy.taxeditor.Application.start(Application.java:24)

                at org.eclipse.equinox.internal.app.EclipseAppHandle.run(EclipseAppHandle.java:196)

                at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.runApplication(EclipseAppLauncher.java:134)

                at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.start(EclipseAppLauncher.java:104)

                at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:388)

                at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:243)

                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

                at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

                at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

                at java.lang.reflect.Method.invoke(Unknown Source)

                at org.eclipse.equinox.launcher.Main.invokeFramework(Main.java:673)

                at org.eclipse.equinox.launcher.Main.basicRun(Main.java:610)

                at org.eclipse.equinox.launcher.Main.run(Main.java:1519)

Caused by: org.springframework.orm.hibernate5.HibernateSystemException: [UPDATE] not permitted for 's.wutke' on Reference[uuid:5afae854-cd2b-43ed-99b3-073345adc904', toString:'Reference [type=Article, id= 20358, uuid=5afae854-cd2b-43ed-99b3-073345adc904]']; nested exception is eu.etaxonomy.cdm.database.PermissionDeniedException: [UPDATE] not permitted for 's.wutke' on Reference[uuid:5afae854-cd2b-43ed-99b3-073345adc904', toString:'Reference [type=Article, id= 20358, uuid=5afae854-cd2b-43ed-99b3-073345adc904]']

                at org.springframework.orm.hibernate5.SessionFactoryUtils.convertHibernateAccessException(SessionFactoryUtils.java:219)

                at org.springframework.orm.hibernate5.HibernateTransactionManager.convertHibernateAccessException(HibernateTransactionManager.java:741)

                at org.springframework.orm.hibernate5.HibernateTransactionManager.doCommit(HibernateTransactionManager.java:589)

                at org.springframework.transaction.support.AbstractPlatformTransactionManager.processCommit(AbstractPlatformTransactionManager.java:761)

                at org.springframework.transaction.support.AbstractPlatformTransactionManager.commit(AbstractPlatformTransactionManager.java:730)

                at org.springframework.transaction.interceptor.TransactionAspectSupport.commitTransactionAfterReturning(TransactionAspectSupport.java:485)

                at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:291)

                at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)

                at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)

                at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:208)

                at com.sun.proxy.$Proxy1724.merge(Unknown Source)

                at sun.reflect.GeneratedMethodAccessor14988.invoke(Unknown Source)

                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

                at java.lang.reflect.Method.invoke(Method.java:498)

                at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:302)

                at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)

                at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)

                at org.springframework.remoting.support.RemoteInvocationTraceInterceptor.invoke(RemoteInvocationTraceInterceptor.java:78)

                at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)

                at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:208)

                at com.sun.proxy.$Proxy1851.merge(Unknown Source)

                at sun.reflect.GeneratedMethodAccessor64729.invoke(Unknown Source)

                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

                at java.lang.reflect.Method.invoke(Method.java:498)

                at org.springframework.remoting.support.RemoteInvocation.invoke(RemoteInvocation.java:212)

                at org.springframework.remoting.support.DefaultRemoteInvocationExecutor.invoke(DefaultRemoteInvocationExecutor.java:39)

                at org.springframework.remoting.support.RemoteInvocationBasedExporter.invoke(RemoteInvocationBasedExporter.java:78)

                at org.springframework.remoting.support.RemoteInvocationBasedExporter.invokeAndCreateResult(RemoteInvocationBasedExporter.java:114)

                at org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter.handleRequest(HttpInvokerServiceExporter.java:74)

                at org.springframework.web.servlet.mvc.HttpRequestHandlerAdapter.handle(HttpRequestHandlerAdapter.java:51)

                at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:959)

                at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893)

                at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:969)

                at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:871)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)

                at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:845)

                at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)

                at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:808)

                at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:316)

                at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:126)

                at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:122)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:169)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:48)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:213)

                at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)

                at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53)

                at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

                at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

                at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)

                at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)

                at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)

                at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)

                at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)

                at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)

                at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

                at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1652)

                at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)

                at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)

                at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)

                at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)

                at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)

                at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)

                at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)

                at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)

                at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)

                at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)

                at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)

                at org.eclipse.jetty.server.Server.handle(Server.java:497)

                at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)

                at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)

                at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)

                at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)

                at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)

                at java.lang.Thread.run(Thread.java:745)

                at org.springframework.remoting.support.RemoteInvocationUtils.fillInClientStackTraceIfPossible(RemoteInvocationUtils.java:45)

                at org.springframework.remoting.support.RemoteInvocationResult.recreate(RemoteInvocationResult.java:149)

                at org.springframework.remoting.support.RemoteInvocationBasedAccessor.recreateRemoteInvocationResult(RemoteInvocationBasedAccessor.java:85)

                at org.springframework.remoting.httpinvoker.HttpInvokerClientInterceptor.invoke(HttpInvokerClientInterceptor.java:150)

                at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)

                at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:208)

                at com.sun.proxy.$Proxy51.merge(Unknown Source)

                at eu.etaxonomy.taxeditor.editor.e4.TaxonEditorInputE4.merge(TaxonEditorInputE4.java:367)

                at eu.etaxonomy.taxeditor.editor.name.e4.TaxonNameEditorE4.save(TaxonNameEditorE4.java:397)

                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

                at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

                at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

                at java.lang.reflect.Method.invoke(Unknown Source)

                at org.eclipse.e4.core.internal.di.MethodRequestor.execute(MethodRequestor.java:55)

                ... 37 more

Caused by: eu.etaxonomy.cdm.database.PermissionDeniedException: [UPDATE] not permitted for 's.wutke' on Reference[uuid:5afae854-cd2b-43ed-99b3-073345adc904', toString:'Reference [type=Article, id= 20358, uuid=5afae854-cd2b-43ed-99b3-073345adc904]']

                at eu.etaxonomy.cdm.persistence.hibernate.CdmSecurityHibernateInterceptor.checkPermissions(CdmSecurityHibernateInterceptor.java:196)

                at eu.etaxonomy.cdm.persistence.hibernate.CdmSecurityHibernateInterceptor.onFlushDirty(CdmSecurityHibernateInterceptor.java:124)

                at org.hibernate.event.internal.DefaultFlushEntityEventListener.invokeInterceptor(DefaultFlushEntityEventListener.java:348)

                at org.hibernate.event.internal.DefaultFlushEntityEventListener.handleInterception(DefaultFlushEntityEventListener.java:325)

                at org.hibernate.event.internal.DefaultFlushEntityEventListener.scheduleUpdate(DefaultFlushEntityEventListener.java:276)

                at org.hibernate.event.internal.DefaultFlushEntityEventListener.onFlushEntity(DefaultFlushEntityEventListener.java:143)

                at org.hibernate.event.internal.AbstractFlushingEventListener.flushEntities(AbstractFlushingEventListener.java:216)

                at org.hibernate.event.internal.AbstractFlushingEventListener.flushEverythingToExecutions(AbstractFlushingEventListener.java:85)

                at org.hibernate.event.internal.DefaultFlushEventListener.onFlush(DefaultFlushEventListener.java:38)

                at org.hibernate.internal.SessionImpl.flush(SessionImpl.java:1282)

                at org.hibernate.internal.SessionImpl.managedFlush(SessionImpl.java:465)

                at org.hibernate.internal.SessionImpl.flushBeforeTransactionCompletion(SessionImpl.java:2963)

                at org.hibernate.internal.SessionImpl.beforeTransactionCompletion(SessionImpl.java:2339)

                at org.hibernate.engine.jdbc.internal.JdbcCoordinatorImpl.beforeTransactionCompletion(JdbcCoordinatorImpl.java:485)

                at org.hibernate.resource.transaction.backend.jdbc.internal.JdbcResourceLocalTransactionCoordinatorImpl.beforeCompletionCallback(JdbcResourceLocalTransactionCoordinatorImpl.java:147)

                at org.hibernate.resource.transaction.backend.jdbc.internal.JdbcResourceLocalTransactionCoordinatorImpl.access$100(JdbcResourceLocalTransactionCoordinatorImpl.java:38)

                at org.hibernate.resource.transaction.backend.jdbc.internal.JdbcResourceLocalTransactionCoordinatorImpl$TransactionDriverControlImpl.commit(JdbcResourceLocalTransactionCoordinatorImpl.java:231)

                at org.hibernate.engine.transaction.internal.TransactionImpl.commit(TransactionImpl.java:65)

                at org.springframework.orm.hibernate5.HibernateTransactionManager.doCommit(HibernateTransactionManager.java:581)

                ... 138 more

Related issues

Copied to Edit - bug #7603: Changing a user group does not work as expected Closed 07/30/2018

Associated revisions

Revision 86a05229 (diff)
Added by Katja Luther 4 months ago

ref #7541: fix permission handling in name editor

History

#1 Updated by Patrick Plitzner 7 months ago

  • Description updated (diff)

#2 Updated by Andreas Müller 6 months ago

  • Tags set to euro+med
  • Target version changed from Unassigned CDM tickets to Release 5.2
  • Severity changed from normal to major

we should urgently address the rights issues in taxeditor. Otherwise soon all users that should have limited rights will have admin rights.

#3 Updated by Andreas Müller 6 months ago

  • Copied to bug #7603: Changing a user group does not work as expected added

#4 Updated by Andreas Müller 6 months ago

  • Description updated (diff)

moved the second part of the description to a new ticket: #7603

#5 Updated by Andreas Müller 5 months ago

  • Target version changed from Release 5.2 to Release 5.3

#6 Updated by Katja Luther 5 months ago

  • Target version changed from Release 5.3 to Release 5.4

#7 Updated by Katja Luther 4 months ago

the missing possibility to set the focus on the name editor was because of a wrong permission check.

#8 Updated by Katja Luther 4 months ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 40

#9 Updated by Andreas Müller 3 months ago

  • Target version changed from Release 5.4 to Release 5.5

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 40 MB)