Opened 18 years ago

Closed 18 years ago

Last modified 18 years ago

#194 closed defect (fixed)

Permission denied: Not allowed to use B

Reported by: Nicklas Nordborg Owned by: Nicklas Nordborg
Priority: critical Milestone: BASE 2.0 RC2
Component: web Version:
Keywords: Cc:


Happens when a user has been given WRITE permission to one item (A), and has READ permission to another item (B) which is linked from A. When the user tries change some properties of A, for example the name or an annotation and clicks "Save" the above error is displayed and the changes are not saved to the database. If the user has USE or no permission at all to B, the error doesn't happen.

The error message is correct as such. The problem is that the web client is trying to update the linked item even though the user hasn't changed the link. The problem can be solved either at the core level or at the web client level by checking if the linked item is the same or a new one. In any case, there are a lot of places in the code to change (all many-to-one links).

This bug should be a minor problem if people start using projects as intended, but may be a big PITA if they are using group- or user-level sharing (migrated from BASE1). See also ticket #148: Should read permission in BASE 1 be migrated as read/use permission in BASE2

Change History (4)

comment:1 by Nicklas Nordborg, 18 years ago

Status: newassigned

comment:2 by Nicklas Nordborg, 18 years ago

Resolution: fixed
Status: assignedclosed

(In [2197]) Fixes #194: Permission denied: Not allowed to use B

comment:3 by Nicklas Nordborg, 18 years ago

This problem was fixed in the web client by letting the edit page submit the negative ID of the current item. A negative ID is a signal that the linked item (B) shouldn't be changed. However, if the user replaces B with another item the real (positive) ID is sent.

comment:4 by Nicklas Nordborg, 18 years ago

Milestone: BASE 2.0BASE 2.0 RC2
Note: See TracTickets for help on using tickets.