Uploaded image for project: 'Kuali Rice Development'
  1. Kuali Rice Development
  2. KULRICE-10439

AttributeSecurity hide attribute is not handled correctly

    Details

    • Type: Bug Fix
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.4
    • Security Level: Public (Public: Anyone can view)
    • Labels:
      None
    • KRAD Feature Area:
      Inquiry
    • Sprint:
      2.4.0-m2 Sprint 2, 2.4.0-m2 KRAD Sprint 3
    • KAI Review Status:
      Not Required
    • KTI Review Status:
      Not Required
    • Code Review Status:
      Not Required
    • Include in Release Notes?:
      Yes

      Description

      In the KNS, you could hide an entire field in the Inquiry based on KIM permissions by adding AttributeSecurity to the DD

      <property name="attributeSecurity">
        <bean parent="AttributeSecurity" p:hide="true"/>
      </property>
      

      This would have the effect of removing the entire row (description and value) from the interface if a permission based on the KR-NS / View Inquiry or Maintenance Document Field template was not assigned to the current user. In KRAD, there are several issues that prevent this from working.

      • DataField.hasSecureValue incorrectly calls isHidden() to check for a secure field. Confirmed with Jerry that it should not do this.
      • The permissions are not consulted for AttributeSecurity.isHide. The field should only be displayed if a permission based on the KR-KRAD / View Field template is assigned to the current user.
      • KRAD does not completely eliminate this field from the interface. It only encrypts the value and shows the description. It needs to completely remove this from the interface, just as if the field had p:render="false" and p:hidden="true".

      I believe the additional check for AttributeSecurity should just be added to ViewAuthorizerBase.canViewField. Then, the p:render="false" and p:hidden="true" attributes will be set correctly. I will update the KNS2KRAD guide separately to reflect what this should be.

        Attachments

          Activity

          kbtaylor Kristina Taylor (Inactive) created issue -
          kbtaylor Kristina Taylor (Inactive) made changes -
          Field Original Value New Value
          Description In the KNS, you could hide an entire field in the Inquiry based on KIM permissions by adding {{AttributeSecurity}} to the DD

          {code}
          <property name="attributeSecurity">
            <bean parent="AttributeSecurity" p:hide="true"/>
          </property>
          {code}

          This would have the effect of removing the entire row (description and value) from the interface if a permission based on the KR-NS / View Inquiry or Maintenance Document Field template was not assigned to the current user. In KRAD, there are several issues that prevent this from working.

          * {{DataField.hasSecureValue}} incorrectly calls {{isHidden()}} to check for a secure field. Confirmed with Jerry that it should not do this.
          * The permissions are not consulted for {{AttributeSecurity.isHide}}. The field should only be displayed if a permission based on an available template is assigned to the current user. I believe the permission template should be KR-KRAD / View Field, but we may need to look into this further).
          * KRAD does not completely eliminate this field from the interface. It only encrypts the value and shows the description. We need to decide whether we should be exactly KNS equivalent or just hide and encrypt the value, leaving the description intact.
          In the KNS, you could hide an entire field in the Inquiry based on KIM permissions by adding {{AttributeSecurity}} to the DD

          {code}
          <property name="attributeSecurity">
            <bean parent="AttributeSecurity" p:hide="true"/>
          </property>
          {code}

          This would have the effect of removing the entire row (description and value) from the interface if a permission based on the KR-NS / View Inquiry or Maintenance Document Field template was not assigned to the current user. In KRAD, there are several issues that prevent this from working.

          * {{DataField.hasSecureValue}} incorrectly calls {{isHidden()}} to check for a secure field. Confirmed with Jerry that it should not do this.
          * The permissions are not consulted for {{AttributeSecurity.isHide}}. The field should only be displayed if a permission based on the KR-KRAD / View Field template is assigned to the current user.
          * KRAD does not completely eliminate this field from the interface. It only encrypts the value and shows the description. It needs to completely remove this from the interface, just as if the field had p:render="false" and p:hidden="true".

          I believe the additional check for {{AttributeSecurity}} should just be added to {{ViewAuthorizerBase.canViewField}}. Then, the p:render="false" and p:hidden="true" attributes will be set correctly. I will update the KNS2KRAD guide separately to reflect what this should be.
          kbtaylor Kristina Taylor (Inactive) made changes -
          Fix Version/s 2.4.0-m2 [ 17036 ]
          Fix Version/s 2.4 [ 16913 ]
          kbtaylor Kristina Taylor (Inactive) made changes -
          Fix Version/s 2.4.0-m3 [ 17037 ]
          kbtaylor Kristina Taylor (Inactive) made changes -
          Fix Version/s 2.4 [ 16913 ]
          Fix Version/s 2.4.0-m2 [ 17036 ]
          Fix Version/s 2.4.0-m3 [ 17037 ]
          kbtaylor Kristina Taylor (Inactive) made changes -
          Epic Link KULRICE-9439 [ 114708 ]
          gilesp Peter Giles (Inactive) made changes -
          Sprint 2.4.0-m2 Sprint 2 [ 63 ]
          gilesp Peter Giles (Inactive) made changes -
          Rank Ranked lower
          gilesp Peter Giles (Inactive) made changes -
          Assignee Kristina Taylor [ kbtaylor ]
          kbtaylor Kristina Taylor (Inactive) made changes -
          Status Open [ 1 ] In Progress [ 3 ]
          Hide
          kbtaylor Kristina Taylor (Inactive) added a comment - - edited

          There are some inconsistencies in the KNS that make this one a bit more difficult to solve. Even though this issue is for Inquiry, the places that we need to change will affect Inquiry, Lookup, and Maintenance. If we set attribute security to hide, this is how the KNS acts:

          • Inquiry
            • Field in base class is completely removed from the interface
            • Field in collection is blanked out but the cell remains
          • Lookup
            • Field in base class appears in lookup
            • Field in base class appears in results
          • Maintenance
            • Field in base class is completely removed from the interface
            • Field in collection is able to be added but not edited

          This is how KRAD acts with my fixes:

          • Inquiry
            • Field in base class is completely removed from the interface
            • Field in collection is blanked out but the cell remains
          • Lookup
            • Field in base class is completely removed from the lookup
            • Field in base class is blanked out in results but the column remains
          • Maintenance
            • Field in base class is completely removed from the interface
            • Field in collection is blanked out but the cell remains

          The represent either features I am unaware of or bugs. The way I got these changes was to add the following four lines to copyFromAttributeDefinition in both DataField and LookupInputField:

          getDataFieldSecurity().setViewAuthz(getDataFieldSecurity().getAttributeSecurity().isHide());
          getDataFieldSecurity().setEditAuthz(getDataFieldSecurity().getAttributeSecurity().isHide());
          getDataFieldSecurity().setViewInLineAuthz(getDataFieldSecurity().getAttributeSecurity().isHide());
          getDataFieldSecurity().setEditInLineAuthz(getDataFieldSecurity().getAttributeSecurity().isHide());
          

          The one other thing I will probably have to do is convert all of the Authz fields from boolean to Boolean and prevent them from initializing at first so the overrides are done correctly. Not quite sure what effects this will have, as the ComponentSecurity objects are all automatically initialized, so perhaps we should have a lazy init and default to false?

          Show
          kbtaylor Kristina Taylor (Inactive) added a comment - - edited There are some inconsistencies in the KNS that make this one a bit more difficult to solve. Even though this issue is for Inquiry, the places that we need to change will affect Inquiry, Lookup, and Maintenance. If we set attribute security to hide, this is how the KNS acts: Inquiry Field in base class is completely removed from the interface Field in collection is blanked out but the cell remains Lookup Field in base class appears in lookup Field in base class appears in results Maintenance Field in base class is completely removed from the interface Field in collection is able to be added but not edited This is how KRAD acts with my fixes: Inquiry Field in base class is completely removed from the interface Field in collection is blanked out but the cell remains Lookup Field in base class is completely removed from the lookup Field in base class is blanked out in results but the column remains Maintenance Field in base class is completely removed from the interface Field in collection is blanked out but the cell remains The represent either features I am unaware of or bugs. The way I got these changes was to add the following four lines to copyFromAttributeDefinition in both DataField and LookupInputField : getDataFieldSecurity().setViewAuthz(getDataFieldSecurity().getAttributeSecurity().isHide()); getDataFieldSecurity().setEditAuthz(getDataFieldSecurity().getAttributeSecurity().isHide()); getDataFieldSecurity().setViewInLineAuthz(getDataFieldSecurity().getAttributeSecurity().isHide()); getDataFieldSecurity().setEditInLineAuthz(getDataFieldSecurity().getAttributeSecurity().isHide()); The one other thing I will probably have to do is convert all of the Authz fields from boolean to Boolean and prevent them from initializing at first so the overrides are done correctly. Not quite sure what effects this will have, as the ComponentSecurity objects are all automatically initialized, so perhaps we should have a lazy init and default to false?
          jcoltrin Jessica Coltrin (Inactive) made changes -
          Rank Ranked higher
          jcoltrin Jessica Coltrin (Inactive) made changes -
          Sprint 2.4.0-m2 Sprint 2 [ 63 ] 2.4.0-m2 Sprint 2, 2.4.0-m2 KRAD Sprint 3 [ 63, 76 ]
          kbtaylor Kristina Taylor (Inactive) logged work - 16/Sep/13 11:51 AM
          • Time Spent:
            1 day, 6 hours
             
            <No comment>
          kbtaylor Kristina Taylor (Inactive) made changes -
          Remaining Estimate 3 days [ 86400 ] 0 minutes [ 0 ]
          Time Spent 1 day, 6 hours [ 50400 ]
          Worklog Id 88469 [ 88469 ]
          kbtaylor Kristina Taylor (Inactive) made changes -
          Status In Progress [ 3 ] Resolved [ 5 ]
          Resolution Fixed [ 1 ]
          jcoltrin Jessica Coltrin (Inactive) made changes -
          Fix Version/s 2.4.0-m2 [ 17036 ]
          jcoltrin Jessica Coltrin (Inactive) made changes -
          Fix Version/s 2.4.0-m2 [ 17036 ]
          jcoltrin Jessica Coltrin (Inactive) made changes -
          Status Resolved [ 5 ] Closed [ 6 ]

            People

            • Assignee:
              kbtaylor Kristina Taylor (Inactive)
              Reporter:
              kbtaylor Kristina Taylor (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 3 days
                3d
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 day, 6 hours Time Not Required
                1d 6h