bug #7874
closedTeamOrPersonBase entity can become unusable due to replacement of the title caches on using getters
100%
Description
This issue is quite good explainable by the case examined in #7870#note-1 :
The initial problem is cause by the protectedNomenclaturalTitleCache flag of the Team being set to false. When binding the data to the UI the getNomenclaturalTitle() is called which causes the the nomenclaturalTitle being updated using the cache strategy. The value stored in the db is now different from the value contained in the nomenclaturalTitle-field:
nomenclaturalTitle in db: Turland, Wiersema, Barrie, Greuter, D.Hawksw., Herend., S.Knapp, Kusber, D.Z.Li, Marhold, T.W.May, McNeill, A.M.Monro, J.Prado, M.J.Price & Gideon F.Sm. nomenclaturalTitle in loaded entity: Turland, Wiersema, Barrie, Greuter, D.Hawksw., Herend., S.Knapp, Kusber, D.Z.Li, Marhold, T.W.May, McNeill, Monro, A.M., J.Prado, M.J.Price & Gideon F.Sm.
The Team entity is loaded as part of the object graph which belongs to the reference. The submitter has no UPDATE permission for this Team. But saving the Reference will cause the Team being flushed to the data base. However the getter has changed the value of the nomenclaturalTitle-field and the user is required to have the UPDATE permission and a PermissionDeniedException is thrown.
One could now point out that the Team is in an inconsistent state since the nomenclaturalTitle differs from the value generated by the cache even if the protectedNomenclaturalTitleCache value is is false. But is seems as if this Team has been created by user henning manually using the Taxeditor (last updated on 2018-04-24 16:52:32). So this is not an import issue.
Either the Taxeditor must never leave Teams in such an inconsistent state or we need to find a way do deal with these situations in the entity class and/or during the flush operation.
This is really critical since it blocks underprivileged users from using object without having the UPDPATE permission.
Files
Related issues