What authorities are needed to merge?

I am trying to create a user role that can merge clients and patients but not having any luck.

What permissions does this need?

The following is the log entry:

23 May 2017 14:27:32,199 ERROR ErrorHelper,http-bio-8080-exec-1032:184 - lachie - Access is denied

org.openvpms.component.business.service.security.OpenVPMSAccessDeniedException: Access is denied

    at org.openvpms.component.business.service.security.OpenVPMSMethodSecurityInterceptor.invoke(OpenVPMSMethodSecurityInterceptor.java:52)

    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)

    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)

    at com.sun.proxy.$Proxy19.remove(Unknown Source)

    at org.openvpms.component.business.service.archetype.rule.ArchetypeRuleService$3.run(ArchetypeRuleService.java:151)

    at org.openvpms.component.business.service.archetype.rule.ArchetypeRuleService$4.doInTransaction(ArchetypeRuleService.java:174)

    at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:131)

    at org.openvpms.component.business.service.archetype.rule.ArchetypeRuleService.execute(ArchetypeRuleService.java:171)

    at org.openvpms.component.business.service.archetype.rule.ArchetypeRuleService.remove(ArchetypeRuleService.java:149)

    at org.openvpms.archetype.rules.party.CustomerMerger.remove(CustomerMerger.java:166)

    at org.openvpms.archetype.rules.party.CustomerMerger.moveParticipations(CustomerMerger.java:92)

    at org.openvpms.archetype.rules.party.PartyMerger.merge(PartyMerger.java:127)

    at org.openvpms.archetype.rules.party.PartyMerger.merge(PartyMerger.java:105)

    at org.openvpms.archetype.rules.party.CustomerRules.mergeCustomers(CustomerRules.java:78)

    at org.openvpms.web.workspace.customer.info.CustomerMergeWorkflow$2.doInTransaction(CustomerMergeWorkflow.java:112)

    at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:131)

    at org.openvpms.web.workspace.customer.info.CustomerMergeWorkflow.merge(CustomerMergeWorkflow.java:108)

    at org.openvpms.web.workspace.customer.info.CustomerMergeWorkflow.access$000(CustomerMergeWorkflow.java:43)

    at org.openvpms.web.workspace.customer.info.CustomerMergeWorkflow$1.execute(CustomerMergeWorkflow.java:95)

    at org.openvpms.web.component.workflow.SynchronousTask.start(SynchronousTask.java:39)

    at org.openvpms.web.component.workflow.AbstractTask.start(AbstractTask.java:115)

    at org.openvpms.web.component.workflow.WorkflowImpl.next(WorkflowImpl.java:200)

    at org.openvpms.web.component.workflow.WorkflowImpl.onEvent(WorkflowImpl.java:236)

    at org.openvpms.web.component.workflow.WorkflowImpl$1.taskEvent(WorkflowImpl.java:109)

    at org.openvpms.web.component.workflow.TaskListeners.taskEvent(TaskListeners.java:81)

    at org.openvpms.web.component.workflow.AbstractTask.notifyEvent(AbstractTask.java:228)

    at org.openvpms.web.component.workflow.AbstractTask.notifyCompleted(AbstractTask.java:144)

    at org.openvpms.web.component.workflow.EvalTask.setValue(EvalTask.java:52)

    at org.openvpms.web.component.workflow.AbstractConfirmationTask$1.onClose(AbstractConfirmationTask.java:77)

    at org.openvpms.web.echo.event.WindowPaneListener.windowPaneClosing(WindowPaneListener.java:37)

    at nextapp.echo2.app.WindowPane.fireWindowClosing(WindowPane.java:154)

    at org.openvpms.web.echo.dialog.PopupWindow.fireWindowClosing(PopupWindow.java:229)

    at nextapp.echo2.app.WindowPane.userClose(WindowPane.java:795)

    at org.openvpms.web.echo.dialog.PopupDialog.userClose(PopupDialog.java:281)

    at org.openvpms.web.echo.dialog.ModalDialog.userClose(ModalDialog.java:80)

    at org.openvpms.web.echo.dialog.PopupWindow.close(PopupWindow.java:156)

    at org.openvpms.web.echo.dialog.PopupDialog.close(PopupDialog.java:455)

    at org.openvpms.web.echo.dialog.PopupDialog.onOK(PopupDialog.java:342)

    at org.openvpms.web.echo.dialog.PopupDialog.onButton(PopupDialog.java:313)

    at org.openvpms.web.echo.dialog.PopupDialog.onButtonProtected(PopupDialog.java:499)

    at org.openvpms.web.echo.dialog.PopupDialog.access$000(PopupDialog.java:34)

    at org.openvpms.web.echo.dialog.PopupDialog$4.onAction(PopupDialog.java:486)

    at org.openvpms.web.echo.event.ActionListener.actionPerformed(ActionListener.java:40)

    at nextapp.echo2.app.button.AbstractButton.fireActionPerformed(AbstractButton.java:135)

    at echopointng.ButtonEx$1.actionPerformed(ButtonEx.java:120)

    at nextapp.echo2.app.button.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:70)

    at echopointng.model.DefaultButtonModelEx.doAction(DefaultButtonModelEx.java:51)

    at echopointng.ButtonEx.processInput(ButtonEx.java:202)

    at nextapp.echo2.app.update.ClientUpdateManager.process(ClientUpdateManager.java:116)

    at nextapp.echo2.app.update.UpdateManager.processClientUpdates(UpdateManager.java:89)

    at nextapp.echo2.webcontainer.ContainerSynchronizeService.renderUpdate(ContainerSynchronizeService.java:471)

    at nextapp.echo2.webrender.service.SynchronizeService.service(SynchronizeService.java:279)

    at nextapp.echo2.webrender.WebRenderServlet.process(WebRenderServlet.java:273)

    at org.openvpms.web.echo.servlet.SpringWebContainerServlet.process(SpringWebContainerServlet.java:190)

    at nextapp.echo2.webrender.WebRenderServlet.doPost(WebRenderServlet.java:189)

    at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)

    at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

    at org.openvpms.web.echo.servlet.Log4JMDCUserFilter.doFilter(Log4JMDCUserFilter.java:58)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)

    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)

    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)

    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)

    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)

    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)

    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154)

    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)

    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)

    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)

    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:106)

    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)

    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)

    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)

    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)

    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)

    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)

    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)

    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)

    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)

    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)

    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)

    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)

    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1041)

    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)

    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:315)

    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

    at java.lang.Thread.run(Thread.java:745)

Caused by: org.springframework.security.access.AccessDeniedException: Access is denied

    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83)

    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:206)

    at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:60)

    at org.openvpms.component.business.service.security.OpenVPMSMethodSecurityInterceptor.invoke(OpenVPMSMethodSecurityInterceptor.java:50)

    ... 102 more

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Re: What authorities are needed to merge?

Is there log entry just before that with "Access denied to principal=....archetype=...."

If so, what is after "achetype="?

 

Re: What authorities are needed to merge?

23 May 2017 14:27:32,196  WARN ArchetypeAwareVoter,http-bio-8080-exec-1032:145 - lachie - Access denied to principal=User[id=12879,archetypeId=security.user.1.0,linkId=75208040-4daa-11e3-8d5e-4d95a77e7f2c,version=9,name=Lachlan Gill], operation=archetypeService.remove, archetype=act.customerAccountClosingBalance

Re: What authorities are needed to merge?

Matt - I assume that the user you are playing with has Category = Administrator (otherwise you will not get the Merge button on say the customer info screen).

Apart from that you do not need anything except the Base role.

I don't know how your roles are set up, but you you might want to check what you have versus the settings in <openvpms-home>\import\data\roles.xml

Regards, Tim G

Re: What authorities are needed to merge?

Yes, they do have the category of adminstrator and the base role. 

Re: What authorities are needed to merge?

Hi, I'm sure this has been brought up elsewhere but I can't find it. I would like to allow our receptionists to merge patients and clients (and ideally allow them to create new suburbs) but I don't want to give them full administrator category. Is there a way to do this - create an in between category?

Re: What authorities are needed to merge?

No - this is not supported at present.

There is a project that could support this functionality, which will likely be done using internal funding, but it is not scheduled for implementation yet.

There is some overlap with the functionality in this project and changes in the upcoming OpenVPMS 2.1.2 release, where a number of roles have been added.

In particular, this release will allow non-admin users to be granted a Stock Administrator role that provides product editing support.

Syndicate content