Uploaded image for project: 'Kuali Rice Development'
  1. Kuali Rice Development
  2. KULRICE-10773

Add permission check the Transactional Document copy method

    Details

    • Type: Bug Fix
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.5
    • Security Level: Public (Public: Anyone can view)
    • Labels:
      None
    • Rice Module:
      KRAD
    • KRAD Feature Area:
      Maintenance
    • Application Requirement:
      Rice
    • Sprint:
      Core 2.5.0-m6 Sprint 2, Core 2.5.0-m7 Sprint 1
    • KAI Review Status:
      Not Required
    • KTI Review Status:
      Not Required
    • Code Review Status:
      Not Required
    • Include in Release Notes?:
      Yes
    • Story Points:
      3

      Description

      The copy method is in the controller but it is missing the (warning) Permission check is missing in the transactional document controller.

      Item T2 on https://docs.google.com/a/kuali.org/spreadsheet/ccc?key=0AqaSaSLMsdRMdGUxREo4UXRBN1FjN1Fyb1Bvb3JhWUE#gid=0

        Attachments

          Issue Links

            Activity

            jruch Jeff Ruch created issue -
            jruch Jeff Ruch made changes -
            Field Original Value New Value
            Link This issue cloned to KULRICE-10772 [ KULRICE-10772 ]
            jruch Jeff Ruch made changes -
            Description Support for a "Use Transactional Document" permission which was used to control the availability of various sections/features of the document. One of the permission details was an "editMode", which predates the KIM conversion. It was a simple string flag which was stored in the request and checked by the JSP code (and business rules) to determine what the user could do with the document at the present time.

            This feature was also used to present completely different views on a few KFS documents.
            Line item 1 on https://docs.google.com/a/kuali.org/spreadsheet/ccc?key=0AqaSaSLMsdRMdGUxREo4UXRBN1FjN1Fyb1Bvb3JhWUE#gid=0
            The copy method is in the controller but it is missing the (warning) Permission check is missing in the transactional document controller.

            Line item 2 on https://docs.google.com/a/kuali.org/spreadsheet/ccc?key=0AqaSaSLMsdRMdGUxREo4UXRBN1FjN1Fyb1Bvb3JhWUE#gid=0
            jruch Jeff Ruch made changes -
            Link This issue cloned from KULRICE-10774 [ KULRICE-10774 ]
            cniesen Claus Niesen made changes -
            Description The copy method is in the controller but it is missing the (warning) Permission check is missing in the transactional document controller.

            Line item 2 on https://docs.google.com/a/kuali.org/spreadsheet/ccc?key=0AqaSaSLMsdRMdGUxREo4UXRBN1FjN1Fyb1Bvb3JhWUE#gid=0
            The copy method is in the controller but it is missing the (warning) Permission check is missing in the transactional document controller.

            Item T2 on https://docs.google.com/a/kuali.org/spreadsheet/ccc?key=0AqaSaSLMsdRMdGUxREo4UXRBN1FjN1Fyb1Bvb3JhWUE#gid=0
            cniesen Claus Niesen made changes -
            Fix Version/s 2.5 [ 17044 ]
            Fix Version/s 2.4 [ 16913 ]
            kbtaylor Kristina Taylor (Inactive) made changes -
            Rank Ranked higher
            kbtaylor Kristina Taylor (Inactive) made changes -
            Rank Ranked higher
            kbtaylor Kristina Taylor (Inactive) made changes -
            Rank Ranked higher
            kbtaylor Kristina Taylor (Inactive) made changes -
            Component/s KNS Equivalency [ 13684 ]
            Hide
            cniesen Claus Niesen added a comment -

            The Travel Authorization document in the KRAD Demo App is a transactional document.

            Show
            cniesen Claus Niesen added a comment - The Travel Authorization document in the KRAD Demo App is a transactional document.
            kbtaylor Kristina Taylor (Inactive) made changes -
            Story Points 3
            kbtaylor Kristina Taylor (Inactive) made changes -
            Sprint Core 2.5.0-m6 Sprint 2 [ 371 ]
            kbtaylor Kristina Taylor (Inactive) made changes -
            Rank Ranked higher
            mztaylor Martin Taylor (Inactive) made changes -
            Assignee Martin Taylor [ mztaylor ]
            Hide
            mztaylor Martin Taylor (Inactive) added a comment - - edited

            Notes:

            • TransactionalDocumentControllerBase is currently calling cancelAttachment - to be fixed
            • Rice Routing Rule Screens use edit/copy, good cases to compare for kns functionality
            • org.kuali.rice.krad.service.impl.MaintenanceDocumentServiceImpl#setupNewMaintenanceDocument shows checks on canCreate for new and copy actions.
            • Can use travel authorization document lookup view as entry point to test copy
            Show
            mztaylor Martin Taylor (Inactive) added a comment - - edited Notes: TransactionalDocumentControllerBase is currently calling cancelAttachment - to be fixed Rice Routing Rule Screens use edit/copy, good cases to compare for kns functionality org.kuali.rice.krad.service.impl.MaintenanceDocumentServiceImpl#setupNewMaintenanceDocument shows checks on canCreate for new and copy actions. Can use travel authorization document lookup view as entry point to test copy
            Hide
            mztaylor Martin Taylor (Inactive) added a comment -

            Regarding permission:

            • the copy action functionality was handled via a permissions check in the action. In KRAD, it goes through the UifControllerHandlerInterceptor but only if its a post. Added post to the method to call to ensure its working properly.
            • Original copy method to call was using 'maintenanceCopy' call. But transactional was tied to 'copy'. When reviewing KRADConstants, 'copy' was listed as Mainteance_copy_method_to_call, and standard copy_to_call was set to 'maintenanceCopy'. Added Document to KradConstants and set method_to_call_copy = 'copy'.
            • Some JPA/OJB issues with copy functionality, corrected.

            Adding code review with Kristina/Jonathan

            Show
            mztaylor Martin Taylor (Inactive) added a comment - Regarding permission: the copy action functionality was handled via a permissions check in the action. In KRAD, it goes through the UifControllerHandlerInterceptor but only if its a post. Added post to the method to call to ensure its working properly. Original copy method to call was using 'maintenanceCopy' call. But transactional was tied to 'copy'. When reviewing KRADConstants, 'copy' was listed as Mainteance_copy_method_to_call, and standard copy_to_call was set to 'maintenanceCopy'. Added Document to KradConstants and set method_to_call_copy = 'copy'. Some JPA/OJB issues with copy functionality, corrected. Adding code review with Kristina/Jonathan
            kbtaylor Kristina Taylor (Inactive) made changes -
            Sprint Core 2.5.0-m6 Sprint 2 [ 371 ] Core 2.5.0-m6 Sprint 2, Core 2.5.0-m7 Sprint 1 [ 371, 386 ]
            kbtaylor Kristina Taylor (Inactive) made changes -
            Rank Ranked higher
            kbtaylor Kristina Taylor (Inactive) made changes -
            Link This issue discovered KULRICE-13166 [ KULRICE-13166 ]
            mztaylor Martin Taylor (Inactive) made changes -
            Status Open [ 1 ] Resolved [ 5 ]
            Resolution Fixed [ 1 ]
            masargen Matt Sargent made changes -
            Status Resolved [ 5 ] Closed [ 6 ]

              People

              • Assignee:
                mztaylor Martin Taylor (Inactive)
                Reporter:
                jruch Jeff Ruch
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: