Kuali Rice Development
KULRICE-10773

Add permission check to the Transactional Document copy method

    Details

    • Type: Bug Fix
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.5
    • Security Level: Public (Public: Anyone can view)
    • Labels:
      None
    • Similar issues:
      KULRICE-8844 KualiDocumentFormBase permission checks are more expensive than they have to be
      KULRICE-7185 Optimization of KIM Permission Checks
      KULRICE-10772 Support "Use Transactional Document" permission in KRAD
      KULRICE-10110 Cleanup on copy methods
      KULRICE-13841 Create controller/form for transactional documents
      KULRICE-3714 Update PermissionService API with a method to check multiple permissions at once
      KULRICE-12626 Improvements on binding/method security
      KULRICE-12471 Need to add support in code to use the KR-KRAD namespace permissions instead of the KNS namespace permissions
      KULRICE-8908 To make document explanation field controllable of editing permission
      KULRICE-8673 Copy Permission not validating New Copy for duplicate Permission Name
    • Rice Module:
      KRAD
    • KRAD Feature Area:
      Maintenance
    • Application Requirement:
      Rice
    • Sprint:
      Core 2.5.0-m6 Sprint 2, Core 2.5.0-m7 Sprint 1
    • KAI Review Status:
      Not Required
    • KTI Review Status:
      Not Required
    • Code Review Status:
      Not Required
    • Include in Release Notes?:
      Yes
    • Story Points:
      3

      Description

      The copy method is in the controller, but the permission check is missing in the transactional document controller.

      Item T2 on https://docs.google.com/a/kuali.org/spreadsheet/ccc?key=0AqaSaSLMsdRMdGUxREo4UXRBN1FjN1Fyb1Bvb3JhWUE#gid=0

          Activity

          Claus Niesen added a comment -

          The Travel Authorization document in the KRAD Demo App is a transactional document.

          Martin Taylor (Inactive) added a comment - - edited

          Notes:

          • TransactionalDocumentControllerBase is currently calling cancelAttachment - to be fixed
          • Rice Routing Rule Screens use edit/copy, good cases to compare for kns functionality
          • org.kuali.rice.krad.service.impl.MaintenanceDocumentServiceImpl#setupNewMaintenanceDocument shows checks on canCreate for new and copy actions.
          • Can use travel authorization document lookup view as entry point to test copy
          Martin Taylor (Inactive) added a comment -

          Regarding permission:

          • The copy action functionality was handled via a permissions check in the action. In KRAD, it goes through the UifControllerHandlerInterceptor but only if it's a post. Added post to the method to call to ensure it's working properly.
          • Original copy method to call was using 'maintenanceCopy' call. But transactional was tied to 'copy'. When reviewing KRADConstants, 'copy' was listed as Maintenance_copy_method_to_call, and standard copy_to_call was set to 'maintenanceCopy'. Added Document to KradConstants and set method_to_call_copy = 'copy'.
          • Some JPA/OJB issues with copy functionality, corrected.

          Adding code review with Kristina/Jonathan
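
The comment above describes an authorization check that runs in an interceptor only for POST requests. The following is an added example, not Kuali Rice code and not the committed fix: a self-contained model of that gap and of a gate that closes it. The class, method names and sample users are hypothetical, and it assumes the copy handler is also reachable by a non-POST request.

```java
import java.util.List;
import java.util.Set;

// Hypothetical model of a method-gated authorization interceptor (not Rice code).
public class CopyPermissionGate {
    record Request(String httpMethod, String methodToCall, String user) {}

    // Constructed sample data: users holding the copy permission.
    static final Set<String> CAN_COPY = Set.of("alice");
    // methodToCall values that change state and must only arrive by POST.
    static final Set<String> POST_ONLY = Set.of("copy");

    // Permission rule: only "copy" is restricted in this model.
    static boolean authorized(Request r) {
        return !"copy".equals(r.methodToCall()) || CAN_COPY.contains(r.user());
    }

    // Weak gate: the check is evaluated only for POST, so a handler that is
    // also mapped for GET is dispatched with no permission check at all.
    static boolean weakPreHandle(Request r) {
        if (!"POST".equals(r.httpMethod())) {
            return true;
        }
        return authorized(r);
    }

    // Hardened gate: state-changing methods are refused unless sent by POST,
    // and the permission check runs regardless of HTTP method.
    static boolean hardenedPreHandle(Request r) {
        if (POST_ONLY.contains(r.methodToCall()) && !"POST".equals(r.httpMethod())) {
            return false;
        }
        return authorized(r);
    }

    public static void main(String[] args) {
        List<Request> samples = List.of(          // constructed requests
            new Request("POST", "copy", "alice"),
            new Request("POST", "copy", "bob"),
            new Request("GET", "copy", "bob"),
            new Request("GET", "docHandler", "bob"));
        for (Request r : samples) {
            System.out.printf("%-4s %-10s %-5s weak=%-5b hardened=%b%n",
                r.httpMethod(), r.methodToCall(), r.user(),
                weakPreHandle(r), hardenedPreHandle(r));
        }
    }
}
```

Repeating the permission check inside the copy handler itself keeps the action protected even if the request mapping is later changed.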


            People

            • Assignee:
              Martin Taylor (Inactive)
              Reporter:
              Jeff Ruch
            • Votes:
              0
              Watchers:
              3
