View button redirects to viewer showing hidden session attribute

Hello Folks!!!

I’m following the multitenant paradigm (https://www.cuba-platform.com/discuss/t/implement-multitenancy-through-access-groups) to segregate data, so I set a session Attribute (companySession) and a corresponding Entity Attribute (companySessionId), which is supposed to be shown to top level administrators only.

Everything works fine for sub-tenants having all permissions on those Entities. Hitting the Edit button, they get redirected to an edit page where they cannot see the hidden session Attribute.

Strangely enough, though, Role Users with read-only permissions can go to the relevant Entity browser, hit the view button and be redirected to an “editor” (they cannot edit anything) showing the session Attribute which should be hidden from them.

Besides, if the same is done for platform attributes (e.g. createTs) (fetched and shown for top admins while hidden for sub-Roles) everything works as expected…

Why is it so?

Thank you

Lucio

Hi,

Thank you for reporting the problem. It is a bug in the FieldGroup component; we are going to fix it in the next bug fix version of the 6.4 release. See: https://youtrack.cuba-platform.com/issue/PL-8916

Thank you!

See the following issue in our bug tracker:

https://youtrack.cuba-platform.com/issue/PL-8916