bug #8443
open
a user with only rights on a subtree can edit taxa and names of another subtree
Added by Katja Luther over 4 years ago.
Updated over 4 years ago.
Description
the user with rights on a subtree is able to edit taxa outside the defined subtree. The only limitation is creation and deleting of nodes.
- Description updated (diff)
- Subject changed from a user with only rights on a subtree can edit a name not used in subtree (bulkeditor) to a user with only rights on a subtree can edit taxa and names of another subtree
- Description updated (diff)
- Category changed from cdmlib to taxeditor
- Assignee changed from Andreas Müller to Katja Luther
is this only an UI issue or is it also a cdmlib-security issue?
Andreas Müller wrote:
is this only an UI issue or is it also a cdmlib-security issue?
I think this is also a cdmlib security issue. Actually I work on the implementation in the Editor, but I think this needs also checked on cdmlib side.
As far as I understand the problem, we need to implement the furtherVotingDescisions(CdmAuthority CdmAuthority, TargetEntityStates targetEntityStates, Collection<ConfigAttribute> attributes,
ValidationResult validationResult)
in TaxonBaseVoter so that the permissions on the TaxonNodes is always taken into account.
Problems can arise when deciding on a Taxon for which the TaxonNodes are not yet initialized in this case the required information needs to be loaded from the db first. Maybe we can directly delegate the decision to the TaxonNodeVoter by calling its vote()
and furtherVotingDescisions()
methods properly.
Also available in: Atom
PDF