Access Denied error when updating Enity in code if row level role is present

lalajaipur68 · February 14, 2025, 1:45pm

I want to prevent editing of task with status ‘Completed’. I used this row level role and it is working fine.

@PredicateRowLevelPolicy(entityClass = Task.class, actions = RowLevelPolicyAction.UPDATE)
default RowLevelBiPredicate<Task, ApplicationContext> taskPredicate() {
return (task, applicationContext) → {
return !task.getStatus().equals(EnumTaskStatus.COMPLETED);
};
}

Now i am changing the status of taks programitacally by this code and it is also woking fine if row level role as shown above is absent.

if (tasksDataGrid.getSingleSelectedItem() != null) {
Task cm = tasksDataGrid.getSingleSelectedItem();
cm.setState(“Completed”);
cm.setStatus(EnumTaskStatus.COMPLETED);
dataManager.save(cm);
btnComplete.setEnabled(false);
}

But this code gives access denied error (and viewbecome inactive) if row level role is defined.

Please advice

d.kremnev · February 17, 2025, 6:57am

Hi!

The policy worked as expected. You are trying to save a task with a COMPLETED status. It satisfies the predicate condition you specified in the policy, so an exception occurs.

If you want to check the previous status value, you will have to reload the entity using the dataManager. You can get dataManager directly in the policy using applicationContext.getBean(DataManager.class).

However, please note that you will have an additional load from the database every time you try to save an entity. This is a bad practice and affects performance.

It would be better to set the check in the screen where the entity can be edited. You can immediately save the status value when opening the entity for editing. This way you will avoid additional data loading.

Also, if you are using the standard detail view, you can simply disable the detail_saveClose action using the condition in the enableRule action handler.

Regards,
Dmitriy

lalajaipur68 · February 17, 2025, 7:07am

Thanks @d.kremnev

My task entity is intially with “New” status and i am changing the status to “Completed” by a button click in standard list view.

When task is not in completed status access should not be denied as entity status is not “complete”.

Otherwise how to do this -

Task with 'Completed" status can’t be edited (by Row level role)
Task with status “New” can be closed by Button Click.

Thanks