Bug #663 (closed)
Opened 17 years ago
Closed 14 years ago
Query with user filter can still produce security violation
| Reported by: | jamoore | Owned by: | jamoore |
|---|---|---|---|
| Priority: | minor | Cc: | |
| Sprint: | n.a. | ||
| Total Remaining Time: | n.a. |
Description
ome.parameters.Filter filter = new ome.parameters.Filter().owner(uid);
ome.parameters.Parameters params = new ome.parameters.Parameters(filter);
list =
query.findAllByQuery("select p from Project p" +
" left outer join fetch p.datasetLinks l"+
" left outer join fetch l.child d",params);
can produce
Exception in thread "main" ome.conditions.SecurityViolation: Cannot read ome.model.containers.Dataset
at ome.security.basic.BasicACLVoter.throwLoadViolation(BasicACLVoter.java:83)
at ome.security.ACLEventListener.onPostLoad(ACLEventListener.java:106)
at org.hibernate.engine.TwoPhaseLoad.initializeEntity(TwoPhaseLoad.java:201)
at org.hibernate.loader.Loader.initializeEntitiesAndCollections(Loader.java:842)
at org.hibernate.loader.Loader.doQuery(Loader.java:717)
at org.hibernate.loader.Loader.doQueryAndInitializeNonLazyCollections(Loader.java:224)
at org.hibernate.loader.Loader.doList(Loader.java:2211)
at org.hibernate.loader.Loader.listIgnoreQueryCache(Loader.java:2095)
at org.hibernate.loader.Loader.list(Loader.java:2090)
Change History (5)
comment:1 Changed 17 years ago by jmoore
- Milestone changed from 3.0-Beta2 to 3.0-Beta3
comment:2 Changed 16 years ago by jmoore
- Milestone changed from 3.0-Beta3 to 3.0-Beta4
comment:3 Changed 15 years ago by jmoore
- Milestone changed from OMERO-Beta4 to OMERO-Beta4.1
comment:4 Changed 15 years ago by jmoore
- Milestone changed from OMERO-Beta4.1 to OMERO-Beta4.2
comment:5 Changed 14 years ago by jmoore
- Resolution set to duplicate
- Status changed from new to closed
see #1798
Note: See
TracTickets for help on using
tickets.
You may also have a look at Agilo extensions to the ticket.
Perhaps important during paging/etc. for "big things"