Opened 16 years ago

Closed 16 years ago

Last modified 16 years ago

#194 closed defect (fixed)

Permission denied: Not allowed to use B

Reported by: Nicklas Nordborg Owned by: Nicklas Nordborg
Priority: critical Milestone: BASE 2.0 RC2
Component: web Version:
Keywords: Cc:

Description

Happens when a user has been given WRITE permission to one item (A), and has READ permission to another item (B) which is linked from A. When the user tries change some properties of A, for example the name or an annotation and clicks "Save" the above error is displayed and the changes are not saved to the database. If the user has USE or no permission at all to B, the error doesn't happen.

The error message is correct as such. The problem is that the web client is trying to update the linked item even though the user hasn't changed the link. The problem can be solved either at the core level or at the web client level by checking if the linked item is the same or a new one. In any case, there are a lot of places in the code to change (all many-to-one links).

This bug should be a minor problem if people start using projects as intended, but may be a big PITA if they are using group- or user-level sharing (migrated from BASE1). See also ticket #148: Should read permission in BASE 1 be migrated as read/use permission in BASE2

Change History (4)

comment:1 Changed 16 years ago by Nicklas Nordborg

Status: newassigned

comment:2 Changed 16 years ago by Nicklas Nordborg

Resolution: fixed
Status: assignedclosed

(In [2197]) Fixes #194: Permission denied: Not allowed to use B

comment:3 Changed 16 years ago by Nicklas Nordborg

This problem was fixed in the web client by letting the edit page submit the negative ID of the current item. A negative ID is a signal that the linked item (B) shouldn't be changed. However, if the user replaces B with another item the real (positive) ID is sent.

comment:4 Changed 16 years ago by Nicklas Nordborg

Milestone: BASE 2.0BASE 2.0 RC2
Note: See TracTickets for help on using tickets.