Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 6F792200B83 for ; Sat, 17 Sep 2016 09:50:22 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 6E252160ACD; Sat, 17 Sep 2016 07:50:22 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id B4723160ABB for ; Sat, 17 Sep 2016 09:50:21 +0200 (CEST) Received: (qmail 13813 invoked by uid 500); 17 Sep 2016 07:50:20 -0000 Mailing-List: contact notifications-help@ofbiz.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ofbiz.apache.org Delivered-To: mailing list notifications@ofbiz.apache.org Received: (qmail 13802 invoked by uid 99); 17 Sep 2016 07:50:20 -0000 Received: from arcas.apache.org (HELO arcas) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 17 Sep 2016 07:50:20 +0000 Received: from arcas.apache.org (localhost [127.0.0.1]) by arcas (Postfix) with ESMTP id C377E2C014C for ; Sat, 17 Sep 2016 07:50:20 +0000 (UTC) Date: Sat, 17 Sep 2016 07:50:20 +0000 (UTC) From: "Nicolas Malin (JIRA)" To: notifications@ofbiz.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Assigned] (OFBIZ-3699) ServiceDispatcher.checkAuth modifies the context if the invocation service has a permissionServiceName MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Sat, 17 Sep 2016 07:50:22 -0000 [ https://issues.apache.org/jira/browse/OFBIZ-3699?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Nicolas Malin reassigned OFBIZ-3699: ------------------------------------ Assignee: Nicolas Malin > ServiceDispatcher.checkAuth modifies the context if the invocation service has a permissionServiceName > ------------------------------------------------------------------------------------------------------ > > Key: OFBIZ-3699 > URL: https://issues.apache.org/jira/browse/OFBIZ-3699 > Project: OFBiz > Issue Type: Bug > Components: framework > Affects Versions: Trunk > Reporter: Bob Morley > Assignee: Nicolas Malin > > Created as a result of thread: http://n4.nabble.com/Magically-converted-types-from-simpleTypeConvert-td1838891.html > The follow code in the ServiceDispatcher ... > if (UtilValidate.isNotEmpty(origService.permissionServiceName)) { > ... > if (hasPermission.booleanValue()) { > context.putAll(permResp); > context = origService.makeValid(context, ModelService.IN_PARAM); > ... causes the incoming context to be modified both by adding values from the results of the permission service but also by converting any datatypes to match those in the service definition. This hides any invalid service invocations (from a data type pov) and if the permisionServiceName is removed, the code would start failing with the incorrect data types. > Suggest is to change this to something like ... > Map permRespContext = ServiceUtil.setServiceFields(dctx, serviceName, permResp); > context.putAll(permRespContext); > The concern is that by doing this there may be some services that were relying on the data type conversion (because they were invalid requests) which would start to fail. Appropriate impact analysis of services that define "permissionServiceName" and appropriate resolutions need to be included with this change. -- This message was sent by Atlassian JIRA (v6.3.4#6332)