Uploaded image for project: 'Kuali Rice Development'
  1. Kuali Rice Development
  2. KULRICE-10773

Add permission check the Transactional Document copy method

    Details

    • Type: Bug Fix
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.5
    • Security Level: Public (Public: Anyone can view)
    • Labels:
      None
    • Rice Module:
      KRAD
    • KRAD Feature Area:
      Maintenance
    • Application Requirement:
      Rice
    • Sprint:
      Core 2.5.0-m6 Sprint 2, Core 2.5.0-m7 Sprint 1
    • KAI Review Status:
      Not Required
    • KTI Review Status:
      Not Required
    • Code Review Status:
      Not Required
    • Include in Release Notes?:
      Yes
    • Story Points:
      3

      Description

      The copy method is in the controller but it is missing the (warning) Permission check is missing in the transactional document controller.

      Item T2 on https://docs.google.com/a/kuali.org/spreadsheet/ccc?key=0AqaSaSLMsdRMdGUxREo4UXRBN1FjN1Fyb1Bvb3JhWUE#gid=0

        Attachments

          Issue Links

            Activity

            Hide
            cniesen Claus Niesen added a comment -

            The Travel Authorization document in the KRAD Demo App is a transactional document.

            Show
            cniesen Claus Niesen added a comment - The Travel Authorization document in the KRAD Demo App is a transactional document.
            Hide
            mztaylor Martin Taylor (Inactive) added a comment - - edited

            Notes:

            • TransactionalDocumentControllerBase is currently calling cancelAttachment - to be fixed
            • Rice Routing Rule Screens use edit/copy, good cases to compare for kns functionality
            • org.kuali.rice.krad.service.impl.MaintenanceDocumentServiceImpl#setupNewMaintenanceDocument shows checks on canCreate for new and copy actions.
            • Can use travel authorization document lookup view as entry point to test copy
            Show
            mztaylor Martin Taylor (Inactive) added a comment - - edited Notes: TransactionalDocumentControllerBase is currently calling cancelAttachment - to be fixed Rice Routing Rule Screens use edit/copy, good cases to compare for kns functionality org.kuali.rice.krad.service.impl.MaintenanceDocumentServiceImpl#setupNewMaintenanceDocument shows checks on canCreate for new and copy actions. Can use travel authorization document lookup view as entry point to test copy
            Hide
            mztaylor Martin Taylor (Inactive) added a comment -

            Regarding permission:

            • the copy action functionality was handled via a permissions check in the action. In KRAD, it goes through the UifControllerHandlerInterceptor but only if its a post. Added post to the method to call to ensure its working properly.
            • Original copy method to call was using 'maintenanceCopy' call. But transactional was tied to 'copy'. When reviewing KRADConstants, 'copy' was listed as Mainteance_copy_method_to_call, and standard copy_to_call was set to 'maintenanceCopy'. Added Document to KradConstants and set method_to_call_copy = 'copy'.
            • Some JPA/OJB issues with copy functionality, corrected.

            Adding code review with Kristina/Jonathan

            Show
            mztaylor Martin Taylor (Inactive) added a comment - Regarding permission: the copy action functionality was handled via a permissions check in the action. In KRAD, it goes through the UifControllerHandlerInterceptor but only if its a post. Added post to the method to call to ensure its working properly. Original copy method to call was using 'maintenanceCopy' call. But transactional was tied to 'copy'. When reviewing KRADConstants, 'copy' was listed as Mainteance_copy_method_to_call, and standard copy_to_call was set to 'maintenanceCopy'. Added Document to KradConstants and set method_to_call_copy = 'copy'. Some JPA/OJB issues with copy functionality, corrected. Adding code review with Kristina/Jonathan

              People

              • Assignee:
                mztaylor Martin Taylor (Inactive)
                Reporter:
                jruch Jeff Ruch
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: