[ https://issues.apache.org/jira/browse/OFBIZ-3699?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nicolas Malin reassigned OFBIZ-3699:
------------------------------------

    Assignee: Nicolas Malin

> ServiceDispatcher.checkAuth modifies the context if the invocation service 
> has a permissionServiceName
> ------------------------------------------------------------------------------------------------------
>
>                 Key: OFBIZ-3699
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-3699
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>    Affects Versions: Trunk
>            Reporter: Bob Morley
>            Assignee: Nicolas Malin
>
> Created as a result of thread: 
> http://n4.nabble.com/Magically-converted-types-from-simpleTypeConvert-td1838891.html
> The following code in the ServiceDispatcher ...
>         if (UtilValidate.isNotEmpty(origService.permissionServiceName)) {
>             ...
>             if (hasPermission.booleanValue()) {
>                 context.putAll(permResp);
>                 context = origService.makeValid(context, ModelService.IN_PARAM);
> ... causes the incoming context to be modified both by adding values from the 
> results of the permission service but also by converting any datatypes to 
> match those in the service definition.  This hides any invalid service 
> invocations (from a data type pov) and if the permissionServiceName is 
> removed, the code would start failing with the incorrect data types.
> Suggestion is to change this to something like ...
> Map<String, Object> permRespContext = ServiceUtil.setServiceFields(dctx, serviceName, permResp);
> context.putAll(permRespContext);
> The concern is that by doing this there may be some services that were 
> relying on the data type conversion (because they were invalid requests) 
> which would start to fail.  Appropriate impact analysis of services that 
> define "permissionServiceName" and appropriate resolutions need to be 
> included with this change.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
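
The masking effect described in the issue above, as an added example that is not part of the original message and is not OFBiz code. It is a simplified Java model: `IN_PARAMS`, `coerce`, `validate` and `invoke` are hypothetical stand-ins, and the sample call and permission response are constructed.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model of the behaviour reported in OFBIZ-3699; none of these names are OFBiz APIs.
public class PermissionContextDemo {
    // Declared IN parameter types of a hypothetical service definition.
    static final Map<String, Class<?>> IN_PARAMS =
            Map.of("quantity", Integer.class, "hasPermission", Boolean.class);

    // Stand-in for a coercing "make valid" step: keeps declared fields, converts String -> Integer.
    static Map<String, Object> coerce(Map<String, Object> ctx) {
        Map<String, Object> out = new HashMap<>();
        for (String name : IN_PARAMS.keySet()) {
            Object v = ctx.get(name);
            if (v == null) continue;
            if (IN_PARAMS.get(name) == Integer.class && v instanceof String) v = Integer.valueOf((String) v);
            out.put(name, v);
        }
        return out;
    }

    // Stand-in for the type validation that rejects values of the wrong data type.
    static void validate(Map<String, Object> ctx) {
        ctx.forEach((k, v) -> {
            Class<?> t = IN_PARAMS.get(k);
            if (t != null && !t.isInstance(v))
                throw new IllegalArgumentException(
                        k + " is " + v.getClass().getSimpleName() + ", expected " + t.getSimpleName());
        });
    }

    static String invoke(Map<String, Object> caller, boolean hasPermissionService, boolean coerceWholeContext) {
        Map<String, Object> ctx = new HashMap<>(caller);
        if (hasPermissionService) {
            Map<String, Object> permResp = Map.of("hasPermission", Boolean.TRUE); // constructed response
            if (coerceWholeContext) { ctx.putAll(permResp); ctx = coerce(ctx); }  // reported behaviour
            else ctx.putAll(coerce(permResp));                                     // suggested: convert only permResp
        }
        try { validate(ctx); return "accepted"; }
        catch (IllegalArgumentException e) { return "rejected: " + e.getMessage(); }
    }

    public static void main(String[] args) {
        Map<String, Object> bad = Map.of("quantity", "5"); // constructed invalid call: String, not Integer
        System.out.println("permission service, whole context coerced: " + invoke(bad, true, true));
        System.out.println("no permission service:                     " + invoke(bad, false, false));
        System.out.println("permission service, only permResp merged:  " + invoke(bad, true, false));
    }
}
```

In this model the same invalid call is accepted only when the whole context is coerced on the permission path, which is why an impact analysis of services that define `permissionServiceName` has to look for callers that currently pass wrongly typed values.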
