mvysny
commented
2 years ago Thank you for letting me know, yeah I was already bitten by this bug as well. However, please upgrade to vok 0.13.0, it should contain the fix for the ticket.
Closing the ticket as fixed in vok 0.13.0, however please reopen if there's still something to fix :+1:
I've also upgraded the vok-security-demo project, please find the solution there as well.
Just as a heads-up, because we ran into that problem recently, in Vaadin 23.1 another method hasAccess get's called on the AccessAnnotationChecker from the ViewAccessChecker, so the overridden hasAccess method will never be called.
(see https://github.com/mvysny/vaadin-on-kotlin/blob/b5db06a83fe0f2ffccaaff70e725cdd6fe19e54d/vok-security/src/main/kotlin/eu/vaadinonkotlin/security/VokViewAccessChecker.kt#L17)
Sadly the AccessAnnotationChecker is no interface and changes like this could happen anytime again, that's why we decided to remove it and are checking the annotation permissions directly in the beforeEnter-handler of the topmost layout used for all pages.