(checkOperationPermitted should check old data of modified fields) RowLevelSecurityException: UPDATE is not permitted for entity

Hi,

I think it’s bug:

A RowLevelSecurityException: UPDATE is not permitted for entity XXX is thrown when i try to update
an entity with a constraint in a group (update operation type),

in this case, the checkOperationPermitted method should check constraints with old data of modified fields used in the constraint.

Attached project :
https://youtrack.cuba-platform.com/_persistent/dynAccess.zip?file=96-568882&c=true

Create constraint in group company
Entity name: Customer (dynaccess$Customer)
operation type: update
Groovy Script
{E}.status != parse(com.company.dynaccess.entity.Status.class, ‘platinum’)
(will deny the edit action for any entity with status equal to “platinum”.

1 Senario;
Access to list of customers
Create a customer with platinum status
Save
customer created
Edit the same customer and modifiy name field then save
customer updated (wrong result , an error should appear , user cant’ update the entity)

2 Senario;
Access to list of customers
Create a customer with gold status
Save
Edit the same customer
modify the status field to ‘Platinum’
Save
A RowLevelSecurityException: UPDATE is not permitted for entity Customer is throw (wrong result, the user can
edit the entity and save the new data, the old value of status was Gold and here the constraint should
make the test with the old data of the entity).

Hi Mounir,

Scenario 1 is not reproduced. Did you perform re-login after you created a constraint?
Scenario 2. You can access old attribute value using com.haulmont.cuba.core.PersistenceTools#getOldValue

Thanks,
Andrey

Hi Andrey,

Thanks for answers.

I can’t reproduce 1 Senario anymore after closing browser and clear cache.

About 2 senario :s
From the documentation Constraints - CUBA Platform. Developer’s Manual about Constraints

Blockquote
Note that constraints are checked for all operations performed from the client tier through the standard DataManager. If an entity does not match the constraints conditions during creation, modification or deletion, the RowLevelSecurityException is thrown.
Blockquote

The constraint is checkd with the new data of entity.

assume the senario( i have defined a constraint that deny the update for any entity with status equal
to “platinum” : {E}.status != parse(com.company.dynaccess.entity.Status.class, ‘platinum’) )
And i want to update an entity with status “gold” to “premium”.

the constraint deny the save action.

how i can authorise the update in this case ?
Or
how i can use PersistenceTools in Groovy Script to call getOldValue method or calling
a service method (an exemple of code).

Thanks advance.

Hi Mounir,

The constraint is checked with the new data of entity

It is correct. Constraints are checked for entities with changes, which are passed to DataManager.
You can access old attribute values (before change) using PersistenceTools.getOldValue, e.g:

import com.haulmont.cuba.core.Persistence
Persistence persistence = AppBeans.get(Persistence.class)
def oldStatus = persistence.tools.getOldValue({E},"status")
return oldStatus != parse(com.company.dynaccess.entity.Status.class, 'platinum') 

Thanks,
Andrey

Hi Andry,

Thank you for the e.g (it’s work).

Rgards,
Mounir