Low priority privileges can clobber high priority privileges

Preconditions

None

Steps to Reproduce

None

Expected Result

None

Observed Result

None

Additional Comments

When checking privileges for a list of objects, low-priority privileges can sometimes overwrite higher-priority privileges for other objects in the list.

Steps to replicate:

1. Start with a fresh Oscar DB, and log in as oscardoc.
2. Set doctor privilege for "_admin.reporting" to "No rights" at priority 0.
3. Reload the main appointment screen to ensure that the admin menu is still visible. (It should be.)
4. Grant role "doctor" "All Rights" for "_admin.billing" at priority 10.
5. Reload the main appointment screen. The admin menu is now missing, despite no roles/privileges being removed.

I've traced the problem to the function "getPrivilegeProp" in src/main/java/oscar/util/OscarRoleObjectPrivilege.java. When building the property list, low priority object privileges overwrite the higher priority privileges for a given role in the computed Properties object. So, in the example above, we start with a list like

| roleUserGroup | objectName | privilege | priority | provider_no |
|---|---|---|---|---|
| doctor | _admin.billing | x | 10 | 999998 |
| doctor | _admin.reporting | o | 0 | 999998 |
| admin | _admin | x | 0 | 999998 |
| admin | _admin.reporting | x | 0 | 999998 |

The doctor role is first given 'x' privileges, but this is immediately overwritten by the 'o' from the succeeding line (and given priority 10).
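A simplified model of the merge described in this report, added here as an illustration; it is not OSCAR's `getPrivilegeProp` code. The `Row` record and both method names are hypothetical, the rows are the four from the table, and letting the first row win when priorities are equal is an assumption.

```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;

public class PrivilegeMergeDemo {
    // One row of the privilege lookup, using the column names from the report.
    record Row(String roleUserGroup, String objectName, String privilege, int priority) {}

    // Constructed sample data: the rows from the report, in the same order.
    static final List<Row> ROWS = List.of(
        new Row("doctor", "_admin.billing",   "x", 10),
        new Row("doctor", "_admin.reporting", "o", 0),
        new Row("admin",  "_admin",           "x", 0),
        new Row("admin",  "_admin.reporting", "x", 0));

    // Models the reported behaviour: every row overwrites the role's entry,
    // so the last row seen for a role wins regardless of its priority.
    static Properties lastRowWins(List<Row> rows) {
        Properties props = new Properties();
        for (Row r : rows) {
            props.setProperty(r.roleUserGroup(), r.privilege());
        }
        return props;
    }

    // Priority-aware merge: a row replaces the role's entry only when its
    // priority is strictly higher than the one already recorded for that role.
    static Properties highestPriorityWins(List<Row> rows) {
        Properties props = new Properties();
        Map<String, Integer> bestPriority = new HashMap<>();
        for (Row r : rows) {
            Integer seen = bestPriority.get(r.roleUserGroup());
            if (seen == null || r.priority() > seen) {
                bestPriority.put(r.roleUserGroup(), r.priority());
                props.setProperty(r.roleUserGroup(), r.privilege());
            }
        }
        return props;
    }

    public static void main(String[] args) {
        // The priority-0 "o" row replaces the priority-10 "x" row for doctor.
        System.out.println("last row wins, doctor = "
            + lastRowWins(ROWS).getProperty("doctor"));
        // The priority-10 "x" row is kept for doctor.
        System.out.println("highest priority wins, doctor = "
            + highestPriorityWins(ROWS).getProperty("doctor"));
    }
}
```

Tracking the winning priority per role also makes the result independent of the order in which the rows arrive.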

Assignee

Unassigned

Reporter

Sourceforge Migration

OSCAR Build Date

None

OSCAR Build Tag

None

Client Browser

None

Client OS

None

Are you or your organization planning on submitting a fix for this bug in the next 30 days?

None

Validated by Reporter

None

SourceForge Reporter

fwkroon

SourceForge Assigned To

None

SourceForge Date Created

None

SourceForge ID

1,818

Affects versions

Priority

7