[jira] Created: (OFBIZ-2093) bug when adding new permissions to group

bug when adding new permissions to group
----------------------------------------

                 Key: OFBIZ-2093
                 URL: https://issues.apache.org/jira/browse/OFBIZ-2093
             Project: OFBiz
          Issue Type: Bug
          Components: party
    Affects Versions: SVN trunk, Release Branch 4.0
            Reporter: Albert Mayo
            Priority: Minor
             Fix For: SVN trunk, Release Branch 4.0


*Problem*
When I add a permission to a security group it will not be recognized immediately if the permission is already cached.  
Example:
1. Log in with testuser to the order manager and it fails and caches the permission.
2. Give the testuser the order manager view and OFBTOOLS_VIEW permissions and try to log in again. OFBiz will say the user still does not have permissions.

*Reason:*
I noticed the cache would update correctly when I take permissions away, but the cache wouldn't clear when I added new permissions.  The addSecurityPermissionToSecurityGroup service (securityext/script/org/ofbiz/securityext/securitygroup/SecurityGroupServices.xml) attempts to remove the cached security group permission but it fails to find the key. The key given for cache removal is newEntity, but after the newEntity is created it contains all the entity's values (like the createdStamp and createdTxStamp).   The cache key should only have the PK values.

I still need to read the guidelines of contributing to the project, but below I will put the fix I used on my ofbiz copy if someone wants to apply the fix sooner.

*Fix:*
Either you can call securityGroupPermissionCache.remove(newEntity) before the new <create-value value-name="newEntity"/> is called or you can make a lookupPKMap that only has the PK values and then use lookupPKMap to remove the permission cache.

Here is what my new function looks like:
{quote}
<simple-method method-name="addSecurityPermissionToSecurityGroup" short-description="Add SecurityPermission To SecurityGroup">
        <check-permission permission="SECURITY" action="_CREATE"><fail-message message="Security Error: to run addSecurityPermissionToSecurityGroup you must have the SECURITY_CREATE or SECURITY_ADMIN permission"/></check-permission>
        <check-errors/>

        <make-value value-name="newEntity" entity-name="SecurityGroupPermission"/>
        <set-pk-fields map-name="parameters" value-name="newEntity"/>
        <create-value value-name="newEntity"/>
       
        <!-- newEntity will have all SecurityGroupPermission values, so must create a PK entity for cache lookup to work -->
        <make-value value-name="lookupPKMap" entity-name="SecurityGroupPermission"/>
        <set-pk-fields map-name="parameters" value-name="lookupPKMap"/>
       
        <!-- clear the org.ofbiz.security.Security object's custom cache by newEntity -->
        <call-bsh><![CDATA[ org.ofbiz.security.Security.securityGroupPermissionCache.remove(lookupPKMap); ]]></call-bsh>
</simple-method>
{quote}



--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

     [ https://issues.apache.org/jira/browse/OFBIZ-2093?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Albert Mayo updated OFBIZ-2093:
-------------------------------

    Description:
*Problem*
When I add a permission to a security group it will not be recognized immediately if the permission is already cached.  
Example:
1. Log in with testuser to the order manager and it fails and caches the permission.
2. Give the testuser the order manager view and OFBTOOLS_VIEW permissions and try to log in again. OFBiz will say the user still does not have permissions.

*Reason:*
I noticed the cache would update correctly when I take permissions away, but the cache wouldn't clear when I added new permissions.  The addSecurityPermissionToSecurityGroup service (securityext/script/org/ofbiz/securityext/securitygroup/SecurityGroupServices.xml) attempts to remove the cached security group permission but it fails to find the key. The key given for cache removal is newEntity, but after the newEntity is created it contains all the entity's values (like the createdStamp and createdTxStamp).   The cache key should only have the PK values.

I still need to read the guidelines of contributing to the project, but below I put the fix I used on my ofbiz copy if someone wants to apply the fix sooner.

*Fix:*
Either you can call securityGroupPermissionCache.remove(newEntity) before the new <create-value value-name="newEntity"/> is called or you can make a lookupPKMap that only has the PK values and then use lookupPKMap to remove the permission cache.

Here is what my new function looks like:
{quote}
<simple-method method-name="addSecurityPermissionToSecurityGroup" short-description="Add SecurityPermission To SecurityGroup">
        <check-permission permission="SECURITY" action="_CREATE"><fail-message message="Security Error: to run addSecurityPermissionToSecurityGroup you must have the SECURITY_CREATE or SECURITY_ADMIN permission"/></check-permission>
        <check-errors/>

        <make-value value-name="newEntity" entity-name="SecurityGroupPermission"/>
        <set-pk-fields map-name="parameters" value-name="newEntity"/>
        <create-value value-name="newEntity"/>
       
        <!-- newEntity will have all SecurityGroupPermission values, so must create a PK entity for cache lookup to work -->
        <make-value value-name="lookupPKMap" entity-name="SecurityGroupPermission"/>
        <set-pk-fields map-name="parameters" value-name="lookupPKMap"/>
       
        <!-- clear the org.ofbiz.security.Security object's custom cache by newEntity -->
        <call-bsh><![CDATA[ org.ofbiz.security.Security.securityGroupPermissionCache.remove(lookupPKMap); ]]></call-bsh>
</simple-method>
{quote}



  was:
*Problem*
When I add a permission to a security group it will not be recognized immediately if the permission is already cached.  
Example:
1. Log in with testuser to the order manager and it fails and caches the permission.
2. Give the testuser the order manager view and OFBTOOLS_VIEW permissions and try to log in again. OFBiz will say the user still does not have permissions.

*Reason:*
I noticed the cache would update correctly when I take permissions away, but the cache wouldn't clear when I added new permissions.  The addSecurityPermissionToSecurityGroup service (securityext/script/org/ofbiz/securityext/securitygroup/SecurityGroupServices.xml) attempts to remove the cached security group permission but it fails to find the key. The key given for cache removal is newEntity, but after the newEntity is created it contains all the entity's values (like the createdStamp and createdTxStamp).   The cache key should only have the PK values.

I still need to read the guidelines of contributing to the project, but below I will put the fix I used on my ofbiz copy if someone wants to apply the fix sooner.

*Fix:*
Either you can call securityGroupPermissionCache.remove(newEntity) before the new <create-value value-name="newEntity"/> is called or you can make a lookupPKMap that only has the PK values and then use lookupPKMap to remove the permission cache.

Here is what my new function looks like:
{quote}
<simple-method method-name="addSecurityPermissionToSecurityGroup" short-description="Add SecurityPermission To SecurityGroup">
        <check-permission permission="SECURITY" action="_CREATE"><fail-message message="Security Error: to run addSecurityPermissionToSecurityGroup you must have the SECURITY_CREATE or SECURITY_ADMIN permission"/></check-permission>
        <check-errors/>

        <make-value value-name="newEntity" entity-name="SecurityGroupPermission"/>
        <set-pk-fields map-name="parameters" value-name="newEntity"/>
        <create-value value-name="newEntity"/>
       
        <!-- newEntity will have all SecurityGroupPermission values, so must create a PK entity for cache lookup to work -->
        <make-value value-name="lookupPKMap" entity-name="SecurityGroupPermission"/>
        <set-pk-fields map-name="parameters" value-name="lookupPKMap"/>
       
        <!-- clear the org.ofbiz.security.Security object's custom cache by newEntity -->
        <call-bsh><![CDATA[ org.ofbiz.security.Security.securityGroupPermissionCache.remove(lookupPKMap); ]]></call-bsh>
</simple-method>
{quote}




--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

     [ https://issues.apache.org/jira/browse/OFBIZ-2093?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bruno Busco updated OFBIZ-2093:
-------------------------------

    Attachment: newPermToGroupCache.patch

Thank you Albert,
I tryed your suggestion and found that it fixes the bug.

I have attached a patch that implements what you suggest in a simpler way.
I have simply swapped the  <create-value> and <call-bsh> tags so that now the cache.remove is called with an untouched entity.
I cannot commit it but I have tested and I guess a committer will do it.

-Bruno


--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

     [ https://issues.apache.org/jira/browse/OFBIZ-2093?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jacques Le Roux closed OFBIZ-2093.
----------------------------------

    Resolution: Fixed
      Assignee: Jacques Le Roux

Thanks Albert and Bruno,

I have applied your patch Bruno (as Albert suggested 1st) + the same fix for ProtectedViews in trunk revision 728266, R4 revision 728268.


--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.