bug #7874

Updated by Andreas Müller about 5 years ago

This issue can be explained quite well by the case examined in #7870#note-1:

 The initial problem is caused by the `protectedNomenclaturalTitleCache` flag of the Team being set to `false`. When binding the data to the UI, `getNomenclaturalTitle()` is called, which causes the `nomenclaturalTitle` to be updated using the cache strategy. The value stored in the db is now different from the value contained in the `nomenclaturalTitle` field:

 ~~~ 
 nomenclaturalTitle in db: 

 Turland, Wiersema, Barrie, Greuter, D.Hawksw., Herend., S.Knapp, Kusber, D.Z.Li, Marhold, T.W.May, McNeill, A.M.Monro, J.Prado, M.J.Price & Gideon F.Sm. 

 nomenclaturalTitle in loaded entity: 
 Turland, Wiersema, Barrie, Greuter, D.Hawksw., Herend., S.Knapp, Kusber, D.Z.Li, Marhold, T.W.May, McNeill, Monro, A.M., J.Prado, M.J.Price & Gideon F.Sm. 
 ~~~ 

 The Team entity is loaded as part of the object graph which belongs to the reference. The *submitter* has no UPDATE permission for this Team. But saving the Reference will cause the Team to be flushed to the database. However, the getter has changed the value of the `nomenclaturalTitle` field, so the user is required to have the UPDATE permission and a PermissionDeniedException is thrown.

 One could now point out that the Team is in an inconsistent state, since the `nomenclaturalTitle` differs from the value generated by the cache even if the `protectedNomenclaturalTitleCache` value is false. But it seems as if this Team has been created by user *henning* manually using the Taxeditor (last updated on 2018-04-24 16:52:32). So this is not an import issue.

 Either the Taxeditor must never leave Teams in such an inconsistent state, or we need to find a way to deal with these situations in the entity class and/or during the flush operation.

 This is really **critical** since it blocks underprivileged users from using objects without having the UPDATE permission.
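
The failure path described above, reduced to a self-contained simulation. This is an added example, not code from the project: the `Team` class, `generateTitle()`, `peekNomenclaturalTitle()` and `flush()` are hypothetical stand-ins, the snapshot comparison is an assumed model of dirty checking, and the sample titles are constructed.

```java
import java.util.List;
import java.util.Objects;
public class GetterSideEffectDemo {
    static class PermissionDeniedException extends RuntimeException {
        PermissionDeniedException(String msg) { super(msg); }
    }
    // Simplified stand-in for the Team entity (hypothetical, not the project's class).
    static class Team {
        String nomenclaturalTitle;                       // persistent field
        boolean protectedNomenclaturalTitleCache = false;
        final List<String> members;
        Team(String storedTitle, List<String> members) {
            this.nomenclaturalTitle = storedTitle;
            this.members = members;
        }
        String generateTitle() { return String.join(", ", members); } // toy cache strategy
        // Behaviour described in the issue: reading the title rewrites the field.
        String getNomenclaturalTitle() {
            if (!protectedNomenclaturalTitleCache) nomenclaturalTitle = generateTitle();
            return nomenclaturalTitle;
        }
        // Hypothetical read-only variant: compute for display, leave the field alone.
        String peekNomenclaturalTitle() {
            return protectedNomenclaturalTitleCache ? nomenclaturalTitle : generateTitle();
        }
    }

    // Toy flush: a field that differs from its load-time snapshot is dirty and needs UPDATE.
    static String flush(Team team, String snapshot, boolean hasUpdatePermission) {
        if (Objects.equals(team.nomenclaturalTitle, snapshot)) return "clean, nothing written";
        if (!hasUpdatePermission) throw new PermissionDeniedException("UPDATE on Team denied");
        return "written";
    }

    public static void main(String[] args) {
        String stored = "McNeill, A.M.Monro, J.Prado";                        // constructed sample
        List<String> members = List.of("McNeill", "Monro, A.M.", "J.Prado"); // constructed sample
        Team bound = new Team(stored, members);
        bound.getNomenclaturalTitle();                    // UI binding, mutating getter
        try {
            System.out.println(flush(bound, stored, false));
        } catch (PermissionDeniedException e) {
            System.out.println("mutating getter: " + e.getMessage());
        }
        Team peeked = new Team(stored, members);
        peeked.peekNomenclaturalTitle();                  // UI binding, read-only variant
        System.out.println("read-only getter: " + flush(peeked, stored, false));
    }
}
```

The first Team is denied at flush time although the user only displayed it; the second stays clean because the read path never touches persistent state.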
