Uploaded image for project: 'Kuali Rice Development'
  1. Kuali Rice Development
  2. KULRICE-10439

AttributeSecurity hide attribute is not handled correctly

    Details

    • Type: Bug Fix
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.4
    • Security Level: Public (Public: Anyone can view)
    • Labels:
      None
    • KRAD Feature Area:
      Inquiry
    • Sprint:
      2.4.0-m2 Sprint 2, 2.4.0-m2 KRAD Sprint 3
    • KAI Review Status:
      Not Required
    • KTI Review Status:
      Not Required
    • Code Review Status:
      Not Required
    • Include in Release Notes?:
      Yes

      Description

      In the KNS, you could hide an entire field in the Inquiry based on KIM permissions by adding AttributeSecurity to the DD

      <property name="attributeSecurity">
        <bean parent="AttributeSecurity" p:hide="true"/>
      </property>
      

      This would have the effect of removing the entire row (description and value) from the interface if a permission based on the KR-NS / View Inquiry or Maintenance Document Field template was not assigned to the current user. In KRAD, there are several issues that prevent this from working.

      • DataField.hasSecureValue incorrectly calls isHidden() to check for a secure field. Confirmed with Jerry that it should not do this.
      • The permissions are not consulted for AttributeSecurity.isHide. The field should only be displayed if a permission based on the KR-KRAD / View Field template is assigned to the current user.
      • KRAD does not completely eliminate this field from the interface. It only encrypts the value and shows the description. It needs to completely remove this from the interface, just as if the field had p:render="false" and p:hidden="true".

      I believe the additional check for AttributeSecurity should just be added to ViewAuthorizerBase.canViewField. Then, the p:render="false" and p:hidden="true" attributes will be set correctly. I will update the KNS2KRAD guide separately to reflect what this should be.

        Attachments

          Activity

          Error rendering 'com.atlassian.jira.jira-view-issue-plugin:activitymodule'. Please contact your JIRA administrators.

            People

            • Assignee:
              kbtaylor Kristina Taylor (Inactive)
              Reporter:
              kbtaylor Kristina Taylor (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 3 days
                3d
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 day, 6 hours Time Not Required
                1d 6h