Context Navigation

#1964 closed defect (fixed)

This error message is displayed when going to the raw data tab of a raw bioassay.

Download all attachments as: .zip

Attachment:	denyAllRAWDATA.png added

Preliminary investigations made so far:

This seems to be an old bug that has existed since the beginning of BASE 2.0. All queries for items that are not either shareable or ownable are configured with BASIC_FILTER (source:/tags/3.6/src/core/net/sf/basedb/core/QueryRuntimeFilterFactory.java#L87 ). The BASIC_FILTER is responsible for activating the denyAll filter if no explict READ permission has been granted to an item (source:tags/3.6/src/core/net/sf/basedb/core/QueryRuntimeFilterFactory.java#L218 ).

Thus, the denyAll filter has always been enabled for items such as raw data and array design features which take their permissions from the parent raw bioassay or array design. Though this didn't matter since those queries was executed using the StatelessSession interface which doesn't support filters (source:tags/3.6/src/core/net/sf/basedb/core/DataQuery.java#L111 ). The root of the problem is that the denyAll filter should not be enabled in the first place!

The filtering system was changed as part of #1950. Generic filters (such as denyAll) was abandoned in favor for item-specific filters (such as denyAllRAWDATA). Filters for raw data has never been defined since there was no need for them. The old generic case was handled by Hibernate but now that we are more specific this causes an error.

I was expecting a similar error when listing array design features, but it turned out that both generic and specific filters has been defined for features (even though they are not needed)! They are still activated but ignored due to the StatelessSession.

Reporters are also listed queried using the StatelessSession which means that permission control is not really working for them. The User role as defined in a default BASE installation assigns Read+Use permission. If the permissions are removed or set to DENY, the denyAll filter is activated but ignored and the user can still list the reporters. Fixing this should be a separate ticket.

(In [7007]) References #1964: No such filter configured [denyAllRAWDATA]

Preliminary fix for this problem by not using filters for queries that use the stateless session (DataQuery and ReportScoreQuery).

Solving the problem with getting access to reports without permission (#1965) may require changes to this fix.

Version 0, edited 9 years ago by Nicklas Nordborg (next)

Resolution:	→ fixed
Status:	new → closed

Note: See TracTickets for help on using tickets.