[PT-3746] Passing a group to EntityAccessManager.isAdministrator triggers an XWiki permissions cache bug - PhenoTips issues

Details

Type: Bug
Status: Closed
Priority: Blocker
Resolution: Fixed
Affects Version/s: 1.3.7, 1.4-milestone-4
Fix Version/s: 1.3.8, 1.4-rc-1
Component/s: patient-access-rules, security
Labels:
None

Description

Passing a group to PatientAccessHelper.isAdministrator (1.3) or EntityAccessManager.isAdministrator (1.4) results in a call to AuthorizationManager.hasAccess with a group reference. This may trigger XWIKI-12862 and cause loss of permissions for users belonging to that group if the group is not already in the cache.

Attachments

Issue links

causes

PT-3739 Grids: Subgroup members should be able to see all cases their main group is assigned as collaborator

Closed

Activity

People

Assignee:

Alina Gvozdik

Reporter:

Alina Gvozdik

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

28 Jun 18 11:42 AM

Updated:

03 Jul 18 3:30 PM

Resolved:

30 Jun 18 11:59 PM