#194 closed defect (fixed)
Permission denied: Not allowed to use B
| Reported by: | Nicklas Nordborg | Owned by: | Nicklas Nordborg |
|---|---|---|---|
| Priority: | critical | Milestone: | BASE 2.0 RC2 |
| Component: | web | Version: | |
| Keywords: | Cc: |
Description
Happens when a user has been given WRITE permission to one item (A), and has READ permission to another item (B) which is linked from A. When the user tries change some properties of A, for example the name or an annotation and clicks "Save" the above error is displayed and the changes are not saved to the database. If the user has USE or no permission at all to B, the error doesn't happen.
The error message is correct as such. The problem is that the web client is trying to update the linked item even though the user hasn't changed the link. The problem can be solved either at the core level or at the web client level by checking if the linked item is the same or a new one. In any case, there are a lot of places in the code to change (all many-to-one links).
This bug should be a minor problem if people start using projects as intended, but may be a big PITA if they are using group- or user-level sharing (migrated from BASE1). See also ticket #148: Should read permission in BASE 1 be migrated as read/use permission in BASE2
Change History (4)
comment:1 by , 19 years ago
| Status: | new → assigned |
|---|
comment:2 by , 19 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
comment:3 by , 19 years ago
This problem was fixed in the web client by letting the edit page submit the negative ID of the current item. A negative ID is a signal that the linked item (B) shouldn't be changed. However, if the user replaces B with another item the real (positive) ID is sent.
comment:4 by , 19 years ago
| Milestone: | BASE 2.0 → BASE 2.0 RC2 |
|---|
(In [2197]) Fixes #194: Permission denied: Not allowed to use B