bug #9083

Improve authorization handling in synonym details view (and generally)

Added by Andreas Müller 5 months ago.

Status: New
Priority: New
Assignee:
Category: taxeditor
Target version:
Start date: 06/19/2020
Due date:
% Done: 0%
Severity: normal
Found in Version:
Tags:

Description

from #8849#note-7

Generally, for permission checks the class CdmUserHelper should be used, which provides a couple of methods like userHasPermission(CdmBase entity, Object... args). String comparison is not always safe, as you may miss the rules implemented by specific voters in CdmPermissionVoter.furtherVotingDescisions(CdmAuthority CdmAuthority, TargetEntityStates targetEntityStates, Collection attributes, ValidationResult validationResult).

Instead of using the string TAXONNODE it would be better to use PermissionClass.TAXONNODE instead.

Now to the logic. I think it is correct to only do the second step check for TaxonNode permissions if there is an accepted taxon with TaxonNodes at all. Otherwise the operation should be granted.

Apart from the above criticism, the code looks good but should be put into the TaxonBaseVoter as furtherVotingDescisions() implementation. As this can be breaking things we should do this only after the release. It should not be forgotten though, as it is crucial to have all permission decision logic in a central place.

One last comment on the CdmStore.currentAuthentiationHasPermission(...) methods: These should also use the CdmUserHelper internally or should be replaced by calls to the according CdmUserHelper methods.
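
The difference between a scattered string comparison and one central decision method, as an added example that is not part of the original ticket and not CDM library or taxeditor code. All types, the string form of an authority and the choice of UPDATE as the checked operation are hypothetical stand-ins; it assumes Java 16 or later.

```java
import java.util.*;

// Stand-in types for illustration only; they are NOT the CDM library classes.
public class CentralPermissionCheckExample {
    enum PermissionClass { TAXONBASE, TAXONNODE }
    enum Operation { READ, UPDATE }

    // Grants an operation on a permission class; target == null means "any entity".
    record Authority(PermissionClass permissionClass, Operation operation, UUID target) {
        String asString() { // constructed string form, used only by the naive check
            return permissionClass + "." + operation + (target == null ? "" : "{" + target + "}");
        }
    }
    record TaxonNode(UUID uuid) {}
    // Empty list models a synonym without an accepted taxon that has TaxonNodes.
    record Synonym(List<TaxonNode> acceptedTaxonNodes) {}

    // Scattered style: string comparison ignores operation, target and the empty-node rule.
    static boolean stringCheck(Collection<Authority> authorities) {
        return authorities.stream().anyMatch(a -> a.asString().startsWith("TAXONNODE"));
    }

    // Central style: the complete second-step decision lives in one method.
    static boolean centralCheck(Collection<Authority> authorities, Synonym synonym) {
        if (synonym.acceptedTaxonNodes().isEmpty()) {
            return true; // nothing to check against, so the operation is granted
        }
        return synonym.acceptedTaxonNodes().stream().anyMatch(node ->
            authorities.stream().anyMatch(a ->
                a.permissionClass() == PermissionClass.TAXONNODE
                    && a.operation() == Operation.UPDATE
                    && (a.target() == null || a.target().equals(node.uuid()))));
    }

    public static void main(String[] args) {
        TaxonNode editable = new TaxonNode(UUID.randomUUID());
        TaxonNode foreign = new TaxonNode(UUID.randomUUID());
        List<Authority> limited = List.of(
            new Authority(PermissionClass.TAXONNODE, Operation.UPDATE, editable.uuid()));
        List<Authority> none = List.of();

        // Authority limited to another node: the two checks disagree.
        Synonym underForeignNode = new Synonym(List.of(foreign));
        System.out.println(stringCheck(limited) + " vs " + centralCheck(limited, underForeignNode));
        // Synonym without accepted taxon, user without TAXONNODE authority: they disagree again.
        Synonym orphan = new Synonym(List.of());
        System.out.println(stringCheck(none) + " vs " + centralCheck(none, orphan));
    }
}
```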


Related issues

Copied from Edit - bug #8849: NPE in synonym DetailsViewer for synonyms without accepted taxon Closed 02/18/2020

History

#1 Updated by Andreas Müller 5 months ago

  • Copied from bug #8849: NPE in synonym DetailsViewer for synonyms without accepted taxon added
