Uploaded image for project: 'Kuali Rice Development'
  1. Kuali Rice Development
  2. KULRICE-4859

The "create new" button shows up on the permission look up screen and the responsibility look up screen even if the user does not have permissions to initiate a new maintenance document of that type

    Details

    • Type: Bug Fix
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.0.1.1, 1.0.2, 1.0.3
    • Fix Version/s: 1.0.3.1
    • Component/s: Development
    • Security Level: Public (Public: Anyone can view)
    • Labels:
      None
    • Rice Module:
      KNS, KIM
    • Application Requirement:
      Rice
    • KAI Review Status:
      Not Required
    • KTI Review Status:
      Not Required

      Description

      The "create new" button shows up on the permission look up screen and the responsibility look up screen even if the user does not have permissions to initiate a new maintenance document of the corresponding type. This results in a "user is not authorized to initiate document" error if the person tries to select the create new button. This is a bug in both 1.0.1.1 and 1.0.3, and I also assume it is a problem for all of the releases in between but I did not verify that.

      In KualiLookupAction.supressActionsIfNeeded(), when the permission or responsibility lookup screens are chosen, the class org.kuali.rice.kim.bo.impl.PermissionImpl and the class org.kuali.rice.kim.bo.impl.ResponsibilityImpl do not have a corresponding documentTypeName, so the canInitiate permission is not checked. (documentTypeName == null). For other screens, such as the campus lookup, the documentTypeName is returned so the check in KualiLookup.jsp does not get entered to call createNewUrl().

      Both PermissionLookupableImpl.java and ResponsibilityLookupableImpl.java overwrite the getCreateNewUrl() method, which is not the case for most of the other classes.

      Check in KualiLookup.jsp:

      <c:if test="$

      {KualiForm.suppressActions!=true and KualiForm.supplementalActionsEnabled!=true}

      ">
      <c:set var="headerMenu" value="$

      {KualiForm.lookupable.createNewUrl}

      $

      {KualiForm.lookupable.htmlMenuBar}

      " />
      </c:if>

      KualiLookupAction.supressActionsIfNeeded() :

      protected void supressActionsIfNeeded( ActionForm form ) throws ClassNotFoundException {
      if ((form instanceof LookupForm) && ( ((LookupForm)form).getBusinessObjectClassName() != null )) {
      Class businessObjectClass = Class.forName( ((LookupForm)form).getBusinessObjectClassName() );
      // check if creating documents is allowed
      String documentTypeName = getMaintenanceDocumentDictionaryService().getDocumentTypeName(businessObjectClass);
      if ((documentTypeName != null) && !getDocumentHelperService().getDocumentAuthorizer(documentTypeName).canInitiate(documentTypeName, GlobalVariables.getUserSession().getPerson()))

      { ((LookupForm)form).setSuppressActions( true ); }

      }
      }

        Attachments

          Activity

          Hide
          jcoltrin Jessica Coltrin (Inactive) added a comment -

          closing since 1.0.3.1 is released.

          Show
          jcoltrin Jessica Coltrin (Inactive) added a comment - closing since 1.0.3.1 is released.

            People

            • Assignee:
              jjhanso Jeremy Hanson
              Reporter:
              shahess Shannon Hess
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: