You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@isis.apache.org by "Dan Haywood (JIRA)" <ji...@apache.org> on 2015/08/14 19:10:45 UTC
[jira] [Updated] (ISIS-1044) Table counts and gmap3/fullcalendar2
do not honour any vetoing, eg by subscribers or WithApplicationTenancy
[ https://issues.apache.org/jira/browse/ISIS-1044?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dan Haywood updated ISIS-1044:
------------------------------
Fix Version/s: (was: 1.10.0)
1.9.0
> Table counts and gmap3/fullcalendar2 do not honour any vetoing, eg by subscribers or WithApplicationTenancy
> -----------------------------------------------------------------------------------------------------------
>
> Key: ISIS-1044
> URL: https://issues.apache.org/jira/browse/ISIS-1044
> Project: Isis
> Issue Type: Improvement
> Components: Core
> Affects Versions: viewer-wicket-1.7.0
> Reporter: Dan Haywood
> Assignee: Dan Haywood
> Priority: Minor
> Fix For: 1.9.0
>
>
> Suppose that the Isis addon security module is being used with application tenancy checking; this means that the Wicket table (CollectionContentsAsAjaxTable) will only show rows for those entities for which the user is authorized (the visibility has not been vetoed).
> However, the underlying EntityCollectionModel does contain those objects, and the size of that collection is what is shown in the "showing 1-5 of 15" totals etc rendered at the bottom of the table.
> So the question is: how to ensure that figure is correct?
> * One option is to eagerly check the visibility of every item (even those not on the current page).
> * Another option is to suppress the totals, somehow (would require additional metadata, along with a worse UI for users
> ~~~
> Related: the gmap3/fullcalendar2/excel Isis addons do not check for the object visibility, meaning that they expose information when they should not.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)