Opened 9 years ago

Closed 9 years ago

#1964 closed defect (fixed)

No such filter configured [denyAllRAWDATA]

Reported by: Nicklas Nordborg Owned by: everyone
Priority: blocker Milestone: BASE 3.6.2
Component: core Version:
Keywords: Cc:

Description

This error message is displayed when going to the raw data tab of a raw bioassay.

Attachments (1)

denyAllRAWDATA.png (41.1 KB ) - added by Nicklas Nordborg 9 years ago.

Download all attachments as: .zip

Change History (4)

by Nicklas Nordborg, 9 years ago

Attachment: denyAllRAWDATA.png added

comment:1 by Nicklas Nordborg, 9 years ago

Preliminary investigations made so far:

  • Thus, the denyAll filter has always been enabled for items such as raw data and array design features which take their permissions from the parent raw bioassay or array design. Though this didn't matter since those queries was executed using the StatelessSession interface which doesn't support filters (source:tags/3.6/src/core/net/sf/basedb/core/DataQuery.java#L111). The root of the problem is that the denyAll filter should not be enabled in the first place!
  • The filtering system was changed as part of #1950. Generic filters (such as denyAll) was abandoned in favor for item-specific filters (such as denyAllRAWDATA). Filters for raw data has never been defined since there was no need for them. The old generic case was handled by Hibernate but now that we are more specific this causes an error.
  • I was expecting a similar error when listing array design features, but it turned out that both generic and specific filters has been defined for features (even though they are not needed)! They are still activated but ignored due to the StatelessSession.
  • Reporters are also listed queried using the StatelessSession which means that permission control is not really working for them. The User role as defined in a default BASE installation assigns Read+Use permission. If the permissions are removed or set to DENY, the denyAll filter is activated but ignored and the user can still list the reporters. Fixing this should be a separate ticket.

comment:2 by Nicklas Nordborg, 9 years ago

(In [7007]) References #1964: No such filter configured [denyAllRAWDATA]

Preliminary fix for this problem by not using filters for queries that use the stateless session (DataQuery and ReportScoreQuery).

Solving the problem with getting access to reports without permission (#1965) may require changes to this fix.

Version 0, edited 9 years ago by Nicklas Nordborg (next)

comment:3 by Nicklas Nordborg, 9 years ago

Resolution: fixed
Status: newclosed
Note: See TracTickets for help on using tickets.