Skip to content

Deep link for newrequest/allProducts with both UID_Person and serviceItem fails if authenticated user cannot access the shelf #498

Description

@RobertMueller2

Is this a regression?

No

Severity

🟡 Minor – small but noticeable issue

Please provide the branch(es) you discovered this issue in

v93 including up to 6be69c4

Environment Details

9.3 v93-311513 with latest git

Please provide a minimal set of steps to reproduce the issue

  1. create a shop/shelf that is only accessible to subidentities
  2. add a product to said shelf
  3. login to the portal with a user who has a subidentity where the subidentity can access the shelf and the main identity cannot
  4. construct a deep link like this: http://localhost:4200/#/newrequest/allProducts?serviceItem=<UID of the product>&UID_Person=<UID of the subidentity>
  5. observe that the portal falls back to showing all products, not the requested one

Description

We're trying to provide deep links for products which are only relevant to subidenties. We're sending product links for those via generated mail. Subidentities cannot login to the webportal because of SSO, only main identities can access it. Therefore the product link needs to contain UID_Person as well. Such a deep link with both UID_Person and serviceItem works fine as long as the logged in user can access the shelf. But if they cannot, the deep link fails.

I could not say for sure whether this ever worked in the angular portal, so I selected "no" above. We do suspect so though, because the mails were added a long time before we migrated to 9.3.1 and only recently we have received error reports about the links not working.

Describe what you expected to happen versus what actually happened

My expectation is that the product page shows the serviceItem passed in the URL.
Instead, all products are being displayed.

Relevant logs or console output

Add a screenshot(s) if that helps illustrate the problem

No response

Suggested Fix

AFAICT, the first iteration of ngOnInit in new-request-product-component.ts is performed with the authenticated user, not the UID_Person from the parameter.

Anything else?

No response

Before submitting...

  • I have searched for existing issues that match this one on github and on the community support page
  • I have included all necessary details to reproduce this issue

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions