[ 
https://issues.apache.org/jira/browse/ISIS-1044?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14708446#comment-14708446
 ] 

ASF subversion and git services commented on ISIS-1044:
-------------------------------------------------------

Commit 9417a0d01608ba640b881e391be8c8b0529b1321 in isis's branch 
refs/heads/master from [~danhaywood]
[ https://git-wip-us.apache.org/repos/asf?p=isis.git;h=9417a0d ]

ISIS-1044: when filtering collections for visibility, ensure resultant object 
is of the same type as the original.

as per mailing list (http://isis.markmail.org/thread/6pihpktvp7zly5vn) ... 
previously was always returning an ArrayList, which would result in a 
ClassCastException if the actual type was something else, eg a SortedSet (and 
called via wrapper factory... doesn't show up as an issue if just using generic 
UI).

The implementation suggested by Nacho in the ML would be ok for action 
invocations (a standalone list) but might result in issues if manipulating the 
collection returned by DataNucleus for a "managed" internal collection.

So have preserved the intent of the original design, but have introduced 
CollectionUtils#copyOf(...), that copies the collection but also copies to the 
expected type.   If cannot copy, then returns null (and original unfiltered 
collection is returned instead).


> Table counts and gmap3/fullcalendar2 do not honour any vetoing, eg by 
> subscribers or WithApplicationTenancy
> -----------------------------------------------------------------------------------------------------------
>
>                 Key: ISIS-1044
>                 URL: https://issues.apache.org/jira/browse/ISIS-1044
>             Project: Isis
>          Issue Type: Improvement
>          Components: Core
>    Affects Versions: viewer-wicket-1.7.0
>            Reporter: Dan Haywood
>            Assignee: Dan Haywood
>            Priority: Minor
>             Fix For: 1.9.0
>
>
> Suppose that the Isis addon security module is being used with application 
> tenancy checking; this means that the Wicket table 
> (CollectionContentsAsAjaxTable) will only show rows for those entities for 
> which the user is authorized (the visibility has not been vetoed).
> However, the underlying EntityCollectionModel does contain those objects, and 
> the size of that collection is what is shown in the "showing 1-5 of 15" 
> totals etc rendered at the bottom of the table.
> So the question is: how to ensure that figure is correct?  
> * One option is to eagerly check the visibility of every item (even those not 
> on the current page).  
> * Another option is to suppress the totals, somehow (would require additional 
> metadata, along with a worse UI for users).
> ~~~
> Related: the gmap3/fullcalendar2/excel Isis addons do not check for the 
> object visibility, meaning that they expose information when they should not.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
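
Added example (not code from the Isis code base or from the commit): a sketch of the type-preserving visibility filter the commit message describes, including the fallback where an uncopyable collection is returned unfiltered. The names TypePreservingFilter, emptyCopyOf and filterVisible, and the tenancy-path sample data, are hypothetical.

```java
import java.util.*;
import java.util.function.Predicate;

public class TypePreservingFilter {

    // Hypothetical stand-in for the copy step: create an empty collection of the
    // same kind as the original, or return null when the kind is not recognised.
    static <T> Collection<T> emptyCopyOf(Collection<T> original) {
        if (original instanceof SortedSet) {
            // Keep the original ordering (a null comparator means natural ordering).
            return new TreeSet<>(((SortedSet<T>) original).comparator());
        }
        if (original instanceof Set) return new LinkedHashSet<>();
        if (original instanceof List) return new ArrayList<>();
        return null;
    }

    // Filter by visibility without touching the original (possibly managed) collection.
    static <T> Collection<T> filterVisible(Collection<T> original, Predicate<T> visible) {
        Collection<T> copy = emptyCopyOf(original);
        if (copy == null) {
            return original; // fallback per the commit message: returned unfiltered
        }
        for (T element : original) {
            if (visible.test(element)) copy.add(element);
        }
        return copy;
    }

    @SuppressWarnings("unchecked")
    public static void main(String[] args) {
        // Constructed sample data: tenancy paths, with "/fr" vetoed for this user.
        SortedSet<String> managed = new TreeSet<>(Arrays.asList("/it/a", "/fr/b", "/it/c"));
        Predicate<String> visible = path -> !path.startsWith("/fr");

        // Previous behaviour: always an ArrayList, so a SortedSet caller fails.
        Object alwaysList = new ArrayList<>(managed);
        try {
            SortedSet<String> broken = (SortedSet<String>) alwaysList;
        } catch (ClassCastException e) {
            System.out.println("ArrayList result: ClassCastException");
        }

        // Type preserved and the vetoed element removed.
        SortedSet<String> filtered = (SortedSet<String>) filterVisible(managed, visible);
        System.out.println(filtered.getClass().getSimpleName() + " " + filtered);

        // A kind the copy step does not recognise comes back with vetoed elements.
        System.out.println(filterVisible(new ArrayDeque<>(managed), visible));
    }
}
```

The last call shows the consequence of the fallback in this sketch: when the copy step does not recognise the collection kind, the caller still receives the vetoed element.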
