Bug #663 (closed)
Opened 18 years ago
Closed 15 years ago
Query with user filter can still produce security violation
Reported by: | jamoore | Owned by: | jamoore |
---|---|---|---|
Priority: | minor | Cc: | |
Sprint: | n.a. | ||
Total Remaining Time: | n.a. |
Description
ome.parameters.Filter filter = new ome.parameters.Filter().owner(uid); ome.parameters.Parameters params = new ome.parameters.Parameters(filter); list = query.findAllByQuery("select p from Project p" + " left outer join fetch p.datasetLinks l"+ " left outer join fetch l.child d",params);
can produce
Exception in thread "main" ome.conditions.SecurityViolation: Cannot read ome.model.containers.Dataset at ome.security.basic.BasicACLVoter.throwLoadViolation(BasicACLVoter.java:83) at ome.security.ACLEventListener.onPostLoad(ACLEventListener.java:106) at org.hibernate.engine.TwoPhaseLoad.initializeEntity(TwoPhaseLoad.java:201) at org.hibernate.loader.Loader.initializeEntitiesAndCollections(Loader.java:842) at org.hibernate.loader.Loader.doQuery(Loader.java:717) at org.hibernate.loader.Loader.doQueryAndInitializeNonLazyCollections(Loader.java:224) at org.hibernate.loader.Loader.doList(Loader.java:2211) at org.hibernate.loader.Loader.listIgnoreQueryCache(Loader.java:2095) at org.hibernate.loader.Loader.list(Loader.java:2090)
Change History (5)
comment:1 Changed 17 years ago by jmoore
- Milestone changed from 3.0-Beta2 to 3.0-Beta3
comment:2 Changed 17 years ago by jmoore
- Milestone changed from 3.0-Beta3 to 3.0-Beta4
comment:3 Changed 16 years ago by jmoore
- Milestone changed from OMERO-Beta4 to OMERO-Beta4.1
comment:4 Changed 15 years ago by jmoore
- Milestone changed from OMERO-Beta4.1 to OMERO-Beta4.2
comment:5 Changed 15 years ago by jmoore
- Resolution set to duplicate
- Status changed from new to closed
see #1798
Note: See
TracTickets for help on using
tickets.
You may also have a look at Agilo extensions to the ticket.
Perhaps important during paging/etc. for "big things"