Opened 9 years ago
Closed 9 years ago
#1964 closed defect (fixed)
No such filter configured [denyAllRAWDATA]
Reported by: | Nicklas Nordborg | Owned by: | everyone |
---|---|---|---|
Priority: | blocker | Milestone: | BASE 3.6.2 |
Component: | core | Version: | |
Keywords: | Cc: |
Description
This error message is displayed when going to the raw data tab of a raw bioassay.
Attachments (1)
Change History (4)
by , 9 years ago
Attachment: | denyAllRAWDATA.png added |
---|
comment:1 by , 9 years ago
comment:2 by , 9 years ago
(In [7007]) References #1964: No such filter configured [denyAllRAWDATA]
Preliminary fix for this problem by not using filters for queries that use the stateless session (DataQuery
and ReportScoreQuery
).
Solving the problem with getting access to reporters without permission (#1965) may require changes to this fix.
comment:3 by , 9 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
Preliminary investigations made so far:
denyAll
filter if no explict READ permission has been granted to an item (source:tags/3.6/src/core/net/sf/basedb/core/QueryRuntimeFilterFactory.java#L218).denyAll
filter has always been enabled for items such as raw data and array design features which take their permissions from the parent raw bioassay or array design. Though this didn't matter since those queries was executed using theStatelessSession
interface which doesn't support filters (source:tags/3.6/src/core/net/sf/basedb/core/DataQuery.java#L111). The root of the problem is that thedenyAll
filter should not be enabled in the first place!denyAll
) was abandoned in favor for item-specific filters (such asdenyAllRAWDATA
). Filters for raw data has never been defined since there was no need for them. The old generic case was handled by Hibernate but now that we are more specific this causes an error.StatelessSession
.StatelessSession
which means that permission control is not really working for them. TheUser
role as defined in a default BASE installation assigns Read+Use permission. If the permissions are removed or set to DENY, thedenyAll
filter is activated but ignored and the user can still list the reporters. Fixing this should be a separate ticket.