Project

General

Profile

bug #7874

Updated by Andreas Müller over 2 years ago

This issue is quite good explainable by the case examined in #7870#note-1 :

The initial problem is cause by the `protectedNomenclaturalTitleCache` flag of the Team being set to `false`. When binding the data to the UI the `getNomenclaturalTitle()` is called which causes the the `nomenclaturalTitle` being updated using the cache strategy. The value stored in the db is now different from the value contained in the `nomenclaturalTitle`-field:

~~~
nomenclaturalTitle in db:

Turland, Wiersema, Barrie, Greuter, D.Hawksw., Herend., S.Knapp, Kusber, D.Z.Li, Marhold, T.W.May, McNeill, A.M.Monro, J.Prado, M.J.Price & Gideon F.Sm.

nomenclaturalTitle in loaded entity:
Turland, Wiersema, Barrie, Greuter, D.Hawksw., Herend., S.Knapp, Kusber, D.Z.Li, Marhold, T.W.May, McNeill, Monro, A.M., J.Prado, M.J.Price & Gideon F.Sm.
~~~

The Team entity is loaded as part of the object graph which belongs to the reference. The *submitter* has no UPDATE permission for this Team. But saving the Reference will cause the Team being flushed to the data base. However the getter has changed the value of the `nomenclaturalTitle`-field and the user is required to have the UPDATE permission and a PermissionDeniedException is thrown.

One could now point out that the Team is in in an inconsistent state since the `nomenclaturalTitle` differs from the value generated by the cache even if the `protectedNomenclaturalTitleCache` value is is false. But is seems as if this Team has been created by user *henning* manually using the Taxeditor (last updated on 2018-04-24 16:52:32). So this is not an import issue.

Either the Taxeditor must never leave Teams in such an inconsistent state or we need to find a way do deal with these situations in the entity class and/or during the flush operation.

This is really **critical** since it blocks underprivileged users from using object without having the UPDPATE permission.

Back

Add picture from clipboard (Maximum size: 40 MB)