Kuali Rice Development
  1. Kuali Rice Development
  2. KULRICE-3278

Determine if permission is still being checked for org.kuali.rice.kew.web.backdoor.AdministrationAction

    Details

    • Type: Task Task
    • Status: Closed Closed
    • Priority: Critical Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.0
    • Component/s: Development
    • Labels:
      None
    • Similar issues:
      KULRICE-13379Create Web Tests for KRAD Maintenance Document permission check on route
      KULRICE-4295useKimPermission not being checked on canBlanketApprove in DocumentTypePermissionServiceImpl
      KULRICE-3055determine whether the required attribute tables were a good idea
      KULRICE-3523KEN is still using workgroups for authorization, convert to KIM permissions
      KULRICE-7185Optimization of KIM Permission Checks
      KULRICE-11284Partial Unmask Field permission does not work in KRAD
      KULRICE-5339Finish integration with presentation controller/authorizer/AttributeSecurity checking KIM
      KULRICE-6439Check permissions for adhoc routing and action request types
      KULRICE-12292Double check KNS classes still used in KRAD
      KULRICE-2539Ensure old permission-related Application Constants are converted over to KIM, completely remove remaining pieces of Application Constants services and screens

      Description

      The permission id in the database is 300. It seems the data is bad anyway because it's pointing to a bad template.

      After the portal refactoring though, I wonder if we are even using this permission anymore? Can it just be removed?

      If so, let's create some sql scripts to remove from the db, KFS will need to run as well.

        Issue Links

          Activity

          Hide
          Peter Giles (Inactive) added a comment -

          Just to double check, is it okay not to have a permission check on the backdoor login, given that the backdoor login only functions when the environment code isn't set to production?

          Show
          Peter Giles (Inactive) added a comment - Just to double check, is it okay not to have a permission check on the backdoor login, given that the backdoor login only functions when the environment code isn't set to production?
          Hide
          Eric Westfall added a comment -

          Yes, I think that's fine for that reason. I don't think we restricted who could perform the backdoor functionality previously anyway. That permission only governed whether or not the "Administration" section showed up on the "old" workflow portal screen.

          Show
          Eric Westfall added a comment - Yes, I think that's fine for that reason. I don't think we restricted who could perform the backdoor functionality previously anyway. That permission only governed whether or not the "Administration" section showed up on the "old" workflow portal screen.
          Hide
          Peter Giles (Inactive) added a comment - - edited


          -- Successfully tested on rice094stg, should be good to go.

          DECLARE

          ref_perm_id VARCHAR2(40);

          BEGIN

          SELECT perm_id INTO ref_perm_id FROM krim_perm_attr_data_t WHERE attr_val = 'org.kuali.rice.kew.web.backdoor.AdministrationAction';
          DELETE FROM krim_perm_attr_data_t WHERE perm_id = ref_perm_id;
          DELETE FROM krim_role_perm_t WHERE perm_id = ref_perm_id;
          DELETE FROM krim_perm_t WHERE perm_id = ref_perm_id;

          END;
          /

          Show
          Peter Giles (Inactive) added a comment - - edited – -- Successfully tested on rice094stg, should be good to go. – DECLARE ref_perm_id VARCHAR2(40); BEGIN SELECT perm_id INTO ref_perm_id FROM krim_perm_attr_data_t WHERE attr_val = 'org.kuali.rice.kew.web.backdoor.AdministrationAction'; DELETE FROM krim_perm_attr_data_t WHERE perm_id = ref_perm_id; DELETE FROM krim_role_perm_t WHERE perm_id = ref_perm_id; DELETE FROM krim_perm_t WHERE perm_id = ref_perm_id; END; /
          Hide
          Peter Giles (Inactive) added a comment -

          BTW, I don't have login info for our master database, so I can't run this against it.

          Show
          Peter Giles (Inactive) added a comment - BTW, I don't have login info for our master database, so I can't run this against it.
          Hide
          Eric Westfall added a comment -

          Thanks Peter!

          I've applied to all of the datasources (including ricekulcli094dba, so this should also resolve the linked KFSMI issue, please verify though Ailish).

          I added the sql to 07-06-2009.sql as well.

          Show
          Eric Westfall added a comment - Thanks Peter! I've applied to all of the datasources (including ricekulcli094dba, so this should also resolve the linked KFSMI issue, please verify though Ailish). I added the sql to 07-06-2009.sql as well.
          Hide
          Eric Westfall added a comment -

          Bulk change of all Rice 1.0 issues to closed after public release.

          Show
          Eric Westfall added a comment - Bulk change of all Rice 1.0 issues to closed after public release.

            People

            • Assignee:
              Peter Giles (Inactive)
              Reporter:
              Eric Westfall
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Structure Helper Panel