OFBiz
  1. OFBiz
  2. OFBIZ-4206

Project Manager throws error if project user is not assigned to every project

    Details

    • Type: Bug Bug
    • Status: Patch Available
    • Priority: Minor Minor
    • Resolution: Unresolved
    • Affects Version/s: Release 09.04, Release Branch 12.04, Trunk
    • Fix Version/s: None
    • Labels:
    • Environment:

      RHEL 5.5 32 bit JDK

    • Sprint:
      Bug Crush Event - 21/2/2015

      Description

      The project manager returns an error on the main page unless every user is added to every single project. It should return a list of just the projects the user is assigned to.

      :ERROR MESSAGE:
      org.ofbiz.widget.screen.ScreenRenderException: Error rendering screen component://common/widget/CommonScreens.xml#GlobalDecorator: java.lang.IllegalArgumentException: Error running Groovy script at location [component://projectmgr/webapp/projectmgr/WEB-INF/actions/ListCurrentProjects.groovy]: org.ofbiz.service.ServiceAuthException: You have no access to the project#: 10040 (Error running Groovy script at location [component://projectmgr/webapp/projectmgr/WEB-INF/actions/ListCurrentProjects.groovy]: org.ofbiz.service.ServiceAuthException: You have no access to the project#: 10040)

      It defeats the point.

        Activity

        Hide
        Pierre Smits added a comment -

        This patch will alleviate the problem.

        Show
        Pierre Smits added a comment - This patch will alleviate the problem.
        Hide
        Mansour Al Akeel added a comment -

        Thank you Peirre
        When will this patch find its way to trunk ?

        Show
        Mansour Al Akeel added a comment - Thank you Peirre When will this patch find its way to trunk ?
        Hide
        Mansour Al Akeel added a comment -

        Pierre,
        The patch seems to restrict access to this scree to "PROJECTMGR_ADMIN".
        I am not sure if this issue is to be resolved in the screen or making the service returns projects the user has access to.

        I appreciate your help here.

        Show
        Mansour Al Akeel added a comment - Pierre, The patch seems to restrict access to this scree to "PROJECTMGR_ADMIN". I am not sure if this issue is to be resolved in the screen or making the service returns projects the user has access to. I appreciate your help here.
        Hide
        Jacques Le Roux added a comment -

        (Pierre Smits on dev ML)
        Hi Mansour,

        You are right. The patch indeed does that and returns a blank screen for
        users other than with access 'PROJECTMGR_ADMIN. Other users can look at
        projects which will show projects the user is a member of.

        At the moment I do not have the time to work on a more elaborate solution.
        The patch is just a quick fix...

        Regards,

        Pierre

        Show
        Jacques Le Roux added a comment - (Pierre Smits on dev ML) Hi Mansour, You are right. The patch indeed does that and returns a blank screen for users other than with access 'PROJECTMGR_ADMIN. Other users can look at projects which will show projects the user is a member of. At the moment I do not have the time to work on a more elaborate solution. The patch is just a quick fix... Regards, Pierre
        Hide
        Jacques Le Roux added a comment -

        What is the situation here?

        Show
        Jacques Le Roux added a comment - What is the situation here?
        Hide
        Pierre Smits added a comment -

        Jacques,

        The situation still exists.
        You can test this (for yourself) by creating a new user in the demo environment for R12.. (designated '12.04 Release Branch Demo (old) ' on the OFBiz website). When testing it, the user should have role PROVIDER_FUNCTIONAL and permission PROJECTUSER.

        It can NOT be tested in the other demo environment (designated '13.07 Release Branch Demo (stable)' on the OFBiz website), as the Project Management component - like many other in the special purpose stack - is not included in this demo environment.

        Regards,

        Pierre

        Show
        Pierre Smits added a comment - Jacques, The situation still exists. You can test this (for yourself) by creating a new user in the demo environment for R12.. (designated '12.04 Release Branch Demo (old) ' on the OFBiz website). When testing it, the user should have role PROVIDER_FUNCTIONAL and permission PROJECTUSER. It can NOT be tested in the other demo environment (designated '13.07 Release Branch Demo (stable)' on the OFBiz website), as the Project Management component - like many other in the special purpose stack - is not included in this demo environment. Regards, Pierre
        Hide
        Jacques Le Roux added a comment -

        Pierre,

        Thanks for report about stable demo. It should be OK now. I tried to do something complicated with svn external. Now it's much simpler, I import all external from trunk, KISS way!

        Show
        Jacques Le Roux added a comment - Pierre, Thanks for report about stable demo. It should be OK now. I tried to do something complicated with svn external. Now it's much simpler, I import all external from trunk, KISS way!
        Hide
        Jacques Le Roux added a comment -
        Show
        Jacques Le Roux added a comment - BTW you might be interested by http://svn.apache.org/repos/asf/ofbiz/trunk/tools/demo-backup
        Hide
        Jacques Le Roux added a comment -

        Pierre,

        If this is also in trunk could you please change the affected versions?

        Show
        Jacques Le Roux added a comment - Pierre, If this is also in trunk could you please change the affected versions?
        Hide
        Pierre Smits added a comment -

        Jacques,

        I can't! I don't have that kind of permissions.

        Regards,

        Pierre

        Show
        Pierre Smits added a comment - Jacques, I can't! I don't have that kind of permissions. Regards, Pierre
        Hide
        Jacques Le Roux added a comment -

        Ha yes sorry, you did not create this issue. But you confirm the trunk is affected,right?

        Show
        Jacques Le Roux added a comment - Ha yes sorry, you did not create this issue. But you confirm the trunk is affected,right?
        Hide
        Pierre Smits added a comment -

        Jacques,

        This bug existed in 09.04. I supplied a patch in 2011. I established, in July this year, that the problem existed in 12.04. That means it existed also in 10.04 and 11.04. Nothing has changed since then. So expect it to be an issue in 13.07 and trunk.

        As I am currently busy with something else, I can't address any deeper for the time being. This could have been resolved years ago.

        Show
        Pierre Smits added a comment - Jacques, This bug existed in 09.04. I supplied a patch in 2011. I established, in July this year, that the problem existed in 12.04. That means it existed also in 10.04 and 11.04. Nothing has changed since then. So expect it to be an issue in 13.07 and trunk. As I am currently busy with something else, I can't address any deeper for the time being. This could have been resolved years ago.
        Hide
        Pierre Smits added a comment -

        It still exists in trunk, therefor also in 13.07

        Show
        Pierre Smits added a comment - It still exists in trunk, therefor also in 13.07
        Hide
        Jacques Le Roux added a comment -

        Thanks Pierre!

        Show
        Jacques Le Roux added a comment - Thanks Pierre!
        Hide
        Jacques Le Roux added a comment -

        Pierre,

        I did not test all, but because of ListCurrentProjects.groovy, it seems to me that a better patch would be (with a better corresponding new fail label)

        Index: specialpurpose/projectmgr/widget/CommonScreens.xml
        ===================================================================
        --- specialpurpose/projectmgr/widget/CommonScreens.xml	(revision 1639842)
        +++ specialpurpose/projectmgr/widget/CommonScreens.xml	(working copy)
        @@ -286,9 +286,23 @@
                     <widgets>
                         <decorator-screen name="main-decorator" location="${parameters.mainDecoratorLocation}">
                             <decorator-section name="body">
        -                        <screenlet title="${uiLabelMap.ProjectMgrProjectSummary}" navigation-form-name="ListCurrentProjects">
        -                            <include-form name="ListCurrentProjects" location="component://projectmgr/widget/forms/ProjectForms.xml"/>
        -                        </screenlet>
        +                        <section>
        +                            <condition>
        +                                <and>
        +                                    <if-has-permission permission="PROJECTMGR" action="_ADMIN"/>
        +                                    <if-has-permission permission="PROJECTMGR" action="_ROLE_ADMIN"/>
        +                                    <if-has-permission permission="PROJECTMGR" action="_ROLE_VIEW"/>
        +                                </and>
        +                            </condition>
        +                            <widgets>
        +                                <screenlet title="${uiLabelMap.ProjectMgrProjectSummary}" navigation-form-name="ListCurrentProjects">
        +                                    <include-form name="ListCurrentProjects" location="component://projectmgr/widget/forms/ProjectForms.xml"/>
        +                                </screenlet>
        +                            </widgets>
        +                            <fail-widgets>
        +                                <label style="h3">${uiLabelMap.ProjectMgrAdminViewPermissionError}</label>
        +                            </fail-widgets>                            
        +                        </section>
                             </decorator-section>
                         </decorator-screen>
                     </widgets>
        

        Could you test with roles and project with a a simple PROJECTUSER?

        Show
        Jacques Le Roux added a comment - Pierre, I did not test all, but because of ListCurrentProjects.groovy, it seems to me that a better patch would be (with a better corresponding new fail label) Index: specialpurpose/projectmgr/widget/CommonScreens.xml =================================================================== --- specialpurpose/projectmgr/widget/CommonScreens.xml (revision 1639842) +++ specialpurpose/projectmgr/widget/CommonScreens.xml (working copy) @@ -286,9 +286,23 @@ <widgets> <decorator-screen name= "main-decorator" location= "${parameters.mainDecoratorLocation}" > <decorator-section name= "body" > - <screenlet title= "${uiLabelMap.ProjectMgrProjectSummary}" navigation-form-name= "ListCurrentProjects" > - <include-form name= "ListCurrentProjects" location= "component: //projectmgr/widget/forms/ProjectForms.xml" /> - </screenlet> + <section> + <condition> + <and> + < if -has-permission permission= "PROJECTMGR" action= "_ADMIN" /> + < if -has-permission permission= "PROJECTMGR" action= "_ROLE_ADMIN" /> + < if -has-permission permission= "PROJECTMGR" action= "_ROLE_VIEW" /> + </and> + </condition> + <widgets> + <screenlet title= "${uiLabelMap.ProjectMgrProjectSummary}" navigation-form-name= "ListCurrentProjects" > + <include-form name= "ListCurrentProjects" location= "component: //projectmgr/widget/forms/ProjectForms.xml" /> + </screenlet> + </widgets> + <fail-widgets> + <label style= "h3" >${uiLabelMap.ProjectMgrAdminViewPermissionError}</label> + </fail-widgets> + </section> </decorator-section> </decorator-screen> </widgets> Could you test with roles and project with a a simple PROJECTUSER?
        Hide
        Jacques Le Roux added a comment -

        Hi Pierre, did you get a chance to test my proposition?

        Show
        Jacques Le Roux added a comment - Hi Pierre, did you get a chance to test my proposition?
        Hide
        Pierre Smits added a comment -

        Jacques,

        Thanks for the heads up. Will test it this weekend, and get back with the results.

        Regards,

        Pierre

        Show
        Pierre Smits added a comment - Jacques, Thanks for the heads up. Will test it this weekend, and get back with the results. Regards, Pierre
        Hide
        Pierre Smits added a comment - - edited

        Jacques,

        I have tested your proposed modification

        It works, as it shows the message 'You need at least a PROJECT_ADMIN permission to view this screen'.
        But it is a solution I am not particular fond of, as it shows a message to the average user regarding something they won't get. The majority of users won't be persons with the permission PROJECT_ADMIN, but persons with the permission PROJECT_USER.

        Regards,

        Pierre

        Show
        Pierre Smits added a comment - - edited Jacques, I have tested your proposed modification It works, as it shows the message 'You need at least a PROJECT_ADMIN permission to view this screen'. But it is a solution I am not particular fond of, as it shows a message to the average user regarding something they won't get. The majority of users won't be persons with the permission PROJECT_ADMIN, but persons with the permission PROJECT_USER. Regards, Pierre
        Hide
        Pierre Smits added a comment -

        I will test other options also.

        Show
        Pierre Smits added a comment - I will test other options also.
        Hide
        Jacques Le Roux added a comment -

        Pierre,

        I suggested a better label, what do you suggest?

        Show
        Jacques Le Roux added a comment - Pierre, I suggested a better label, what do you suggest?
        Hide
        Jacques Le Roux added a comment -

        What's up?

        Show
        Jacques Le Roux added a comment - What's up?

          People

          • Assignee:
            Unassigned
            Reporter:
            Tolulope Aganga-Williams
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:

              Time Tracking

              Estimated:
              Original Estimate - 24h
              24h
              Remaining:
              Remaining Estimate - 24h
              24h
              Logged:
              Time Spent - Not Specified
              Not Specified

                Development

                  Agile