0050160: Write access should not be done when flushing dirty changes of bobs saved in admin mode

2022-09-05 13:01:01,032 [http-7] ERROR org.openbravo.base.exception.OBSecurityException - Entity OBEDL_Request is not writable by this user org.openbravo.base.exception.OBSecurityException: Entity OBEDL_Request is not writable by this user at org.openbravo.dal.security.SecurityChecker.checkWriteAccess(SecurityChecker.java:149) ~[classes/:?] at org.openbravo.dal.security.SecurityChecker.checkWriteAccess(SecurityChecker.java:107) ~[classes/:?] at org.openbravo.dal.core.OBInterceptor.doEvent(OBInterceptor.java:353) ~[classes/:?] at org.openbravo.dal.core.OBInterceptor.onFlushDirty(OBInterceptor.java:186) ~[classes/:?] at org.hibernate.event.internal.DefaultFlushEntityEventListener.invokeInterceptor(DefaultFlushEntityEventListener.java:374) ~[hibernate-core-5.6.0.Final.jar:5.6.0.Final] at org.hibernate.event.internal.DefaultFlushEntityEventListener.handleInterception(DefaultFlushEntityEventListener.java:351) ~[hibernate-core-5.6.0.Final.jar:5.6.0.Final] at org.hibernate.event.internal.DefaultFlushEntityEventListener.scheduleUpdate(DefaultFlushEntityEventListener.java:302) ~[hibernate-core-5.6.0.Final.jar:5.6.0.Final] at org.hibernate.event.internal.DefaultFlushEntityEventListener.onFlushEntity(DefaultFlushEntityEventListener.java:171) ~[hibernate-core-5.6.0.Final.jar:5.6.0.Final] at org.hibernate.event.service.internal.EventListenerGroupImpl.fireEventOnEachListener(EventListenerGroupImpl.java:107) ~[hibernate-core-5.6.0.Final.jar:5.6.0.Final] at org.hibernate.event.internal.AbstractFlushingEventListener.flushEntities(AbstractFlushingEventListener.java:229) ~[hibernate-core-5.6.0.Final.jar:5.6.0.Final] at org.hibernate.event.internal.AbstractFlushingEventListener.flushEverythingToExecutions(AbstractFlushingEventListener.java:93) ~[hibernate-core-5.6.0.Final.jar:5.6.0.Final] at org.hibernate.event.internal.DefaultFlushEventListener.onFlush(DefaultFlushEventListener.java:39) ~[hibernate-core-5.6.0.Final.jar:5.6.0.Final] at org.hibernate.event.service.internal.EventListenerGroupImpl.fireEventOnEachListener(EventListenerGroupImpl.java:107) [hibernate-core-5.6.0.Final.jar:5.6.0.Final] at org.hibernate.internal.SessionImpl.doFlush(SessionImpl.java:1402) [hibernate-core-5.6.0.Final.jar:5.6.0.Final] at org.hibernate.internal.SessionImpl.flush(SessionImpl.java:1389) [hibernate-core-5.6.0.Final.jar:5.6.0.Final] at org.openbravo.dal.service.OBDal.flush(OBDal.java:265) [classes/:?] at org.openbravo.dal.core.SessionHandler.flushRemainingChanges(SessionHandler.java:700) [classes/:?] at org.openbravo.dal.core.SessionHandler.commitAndClose(SessionHandler.java:607) [classes/:?] at org.openbravo.dal.core.SessionHandler.commitAndClose(SessionHandler.java:589) [classes/:?] at org.openbravo.dal.core.DalThreadCleaner.closeDefaultPoolSession(DalThreadCleaner.java:75) [classes/:?] at org.openbravo.dal.core.DalThreadCleaner.clean(DalThreadCleaner.java:55) [classes/:?] at org.openbravo.dal.core.DalThreadCleaner.cleanWithCommit(DalThreadCleaner.java:43) [classes/:?] at org.openbravo.dal.core.DalThreadHandler.doFinal(DalThreadHandler.java:46) [classes/:?] at org.openbravo.dal.core.DalRequestFilter$1.doFinal(DalRequestFilter.java:110) [classes/:?] at org.openbravo.dal.core.ThreadHandler.run(ThreadHandler.java:66) [classes/:?] at org.openbravo.dal.core.DalRequestFilter.doFilter(DalRequestFilter.java:118) [classes/:?] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat8-catalina-8.5.39.jar:8.5.39] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat8-catalina-8.5.39.jar:8.5.39] at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71) [log4j-web-2.17.1.jar:2.17.1] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat8-catalina-8.5.39.jar:8.5.39] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat8-catalina-8.5.39.jar:8.5.39] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:200) [tomcat8-catalina-8.5.39.jar:8.5.39] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [tomcat8-catalina-8.5.39.jar:8.5.39] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493) [tomcat8-catalina-8.5.39.jar:8.5.39] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137) [tomcat8-catalina-8.5.39.jar:8.5.39] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) [tomcat8-catalina-8.5.39.jar:8.5.39] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) [tomcat8-catalina-8.5.39.jar:8.5.39] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [tomcat8-catalina-8.5.39.jar:8.5.39] at org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:476) [tomcat8-coyote-8.5.39.jar:8.5.39] at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat8-coyote-8.5.39.jar:8.5.39] at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:806) [tomcat8-coyote-8.5.39.jar:8.5.39] at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498) [tomcat8-coyote-8.5.39.jar:8.5.39] at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat8-coyote-8.5.39.jar:8.5.39] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) [?:?] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) [?:?] at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat8-util-8.5.39.jar:8.5.39] at java.lang.Thread.run(Thread.java:829) [?:?]

Notes
(0140838) hgbot (developer) 2022-09-08 09:33	Merge Request created: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/705 [^]

(0141403) hgbot (developer) 2022-09-27 13:52	Directly closing issue as related merge request is already approved. Repository: https://gitlab.com/openbravo/product/openbravo [^] Changeset: a0abd477c5478133fb582a4658a29bd1a57ad6dd Author: Carlos Aristu <carlos.aristu@openbravo.com> Date: 27-09-2022 11:50:57 URL: https://gitlab.com/openbravo/product/openbravo/-/commit/a0abd477c5478133fb582a4658a29bd1a57ad6dd [^] fixes BUG-50160: Skip write access check when flushing BOBs saved in admin mode Skip the write access check which is done after editing a BOB previously saved being in admin mode. Under this scenario, the OBInterceptor is invoked due to having dirty changes pending to be flushed. With this fix we keep track if the write and org/client access checks were enabled when a BaseOBObject is saved and use this information when the object is eventually flushed. We have three possible scenarios: 1) The object is not saved in admin mode: both access checks will be done for the BOB when it is flushed 2) The object is saved in admin mode, having called setAdminMode(false): both access checks will be skipped for the BOB when it is flushed 3) The object is saved in admin mode, having called setAdminMode(true): only the org/client access check is done for the BOB when it is flushed --- M src-test/src/org/openbravo/test/dal/AdminContextTest.java M src/org/openbravo/base/structure/BaseOBObject.java M src/org/openbravo/dal/security/SecurityChecker.java M src/org/openbravo/dal/service/OBDal.java ---

(0141404) hgbot (developer) 2022-09-27 13:52	Merge request merged: https://gitlab.com/openbravo/product/openbravo/-/merge_requests/705 [^]

Issue History
Date Modified	Username	Field	Change
2022-09-05 15:55	XABIER_AGUADO	New Issue
2022-09-05 15:55	XABIER_AGUADO	Assigned To	=> Triage Platform Conn
2022-09-05 15:55	XABIER_AGUADO	File Added: log.txt
2022-09-05 15:55	XABIER_AGUADO	Triggers an Emergency Pack	=> No
2022-09-05 15:55	XABIER_AGUADO	Description Updated	View Revisions
2022-09-05 16:04	XABIER_AGUADO	Tag Attached: FASH
2022-09-08 09:33	hgbot	Note Added: 0140838
2022-09-09 12:41	caristu	Summary	Some Roles end up having Infinite Loading Screens when trying to do DOIs => Write access should not be done when flushing bobs created/edited in admin mode
2022-09-09 12:41	caristu	Description Updated	View Revisions
2022-09-09 12:41	caristu	Steps to Reproduce Updated	View Revisions
2022-09-09 12:41	caristu	Project	Retail Modules => Openbravo ERP
2022-09-09 12:41	caristu	Modules	=> Core
2022-09-09 12:41	caristu	Category	Retail API => A. Platform
2022-09-09 12:41	caristu	Relationship added	related to 0048579
2022-09-09 12:49	caristu	Status	new => scheduled
2022-09-27 13:52	hgbot	Resolution	open => fixed
2022-09-27 13:52	hgbot	Status	scheduled => closed
2022-09-27 13:52	hgbot	Fixed in Version	=> PR22Q4
2022-09-27 13:52	hgbot	Note Added: 0141403
2022-09-27 13:52	hgbot	Note Added: 0141404
2022-09-27 13:53	caristu	Summary	Write access should not be done when flushing bobs created/edited in admin mode => Write access should not be done when flushing dirty changes of bobs saved in admin mode
2022-09-27 13:53	caristu	Description Updated	View Revisions
2022-09-27 13:53	caristu	Steps to Reproduce Updated	View Revisions
2022-09-29 11:33	caristu	Assigned To	Triage Platform Conn => caristu
2023-10-26 11:03	njimenez	Relationship added	related to 0053767