diff --git a/src/main/java/org/caosdb/server/transaction/Retrieve.java b/src/main/java/org/caosdb/server/transaction/Retrieve.java
index e9a67f5ffccdea6be5e8f2c4a82e37590b38e862..04922d9c208280452b94ed051932757c910a6975 100644
--- a/src/main/java/org/caosdb/server/transaction/Retrieve.java
+++ b/src/main/java/org/caosdb/server/transaction/Retrieve.java
@@ -79,7 +79,7 @@ public class Retrieve extends Transaction<RetrieveContainer> {
 protected void postTransaction() {
 // generate Error for missing RETRIEVE:ENTITY Permission.
 for (final EntityInterface e : getContainer()) {
- if (e.getEntityACL() != null) {
+ if (e.getEntityStatus() != EntityStatus.NONEXISTENT) {
 try {
 e.checkPermission(EntityPermission.RETRIEVE_ENTITY);
 } catch (final AuthorizationException exc) {
diff --git a/src/test/java/org/caosdb/server/transaction/RetrieveTest.java b/src/test/java/org/caosdb/server/transaction/RetrieveTest.java
new file mode 100644
index 0000000000000000000000000000000000000000..45e9e5ec32bb34ea5394ee2c691ed9d00d0c49e6
--- /dev/null
+++ b/src/test/java/org/caosdb/server/transaction/RetrieveTest.java
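Review bot: The new guard closes a fail-open path — with the old `e.getEntityACL() != null` condition, an existing entity that simply had no ACL attached was returned without any RETRIEVE:ENTITY check — but the hunk does not show how `checkPermission` behaves when the ACL is still null, and the branch only catches `AuthorizationException`, so if the helper dereferences the ACL a null one would now escape as an unhandled NPE instead of a denial; confirm the helper's null handling or deny explicitly when the ACL is missing. The intent is worth recording at the changed line, e.g. `// Fail closed: every existing entity must pass the ACL check; a missing ACL is not a reason to skip it.` Note that exempting `NONEXISTENT` entities lets an unauthorized client distinguish "no such id" from "not permitted" by the error it receives, which is an existence oracle when ids are guessable — fine only if that is a deliberate design choice. The for loop and the catch block continue outside the hunk.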
@@ -0,0 +1,78 @@
+package org.caosdb.server.transaction;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import java.io.IOException;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.subject.Subject;
+import org.caosdb.server.CaosDBServer;
+import org.caosdb.server.ServerProperties;
+import org.caosdb.server.accessControl.AnonymousAuthenticationToken;
+import org.caosdb.server.accessControl.Role;
+import org.caosdb.server.database.BackendTransaction;
+import org.caosdb.server.database.access.Access;
+import org.caosdb.server.database.backend.interfaces.RetrieveRoleImpl;
+import org.caosdb.server.database.exceptions.TransactionException;
+import org.caosdb.server.database.misc.TransactionBenchmark;
+import org.caosdb.server.entity.EntityInterface;
+import org.caosdb.server.entity.RetrieveEntity;
+import org.caosdb.server.entity.container.RetrieveContainer;
+import org.caosdb.server.entity.xml.IdAndServerMessagesOnlyStrategy;
+import org.caosdb.server.permissions.EntityACLFactory;
+import org.caosdb.server.utils.EntityStatus;
+import org.caosdb.server.utils.ServerMessages;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+public class RetrieveTest {
+
+ @BeforeClass
+ public static void setup() throws IOException {
+ CaosDBServer.initServerProperties();
+ CaosDBServer.setProperty(ServerProperties.KEY_AUTH_OPTIONAL, "TRUE");
+ CaosDBServer.initShiro();
+
+ BackendTransaction.setImpl(RetrieveRoleImpl.class, RetrieveRoleMockup.class);
+ }
+
+ /** a mock-up which returns null */
+ public static class RetrieveRoleMockup implements RetrieveRoleImpl {
+
+ public RetrieveRoleMockup(Access a) {}
+
+ @Override
+ public void setTransactionBenchmark(TransactionBenchmark b) {}
+
+ @Override
+ public TransactionBenchmark getBenchmark() {
+ return null;
+ }
+
+ @Override
+ public Role retrieve(String role) throws TransactionException {
+ return null;
+ }
+ }
+
+ @Test
+ public void testMissingRetrievePermission() {
+ Subject subject = SecurityUtils.getSubject();
+ subject.login(AnonymousAuthenticationToken.getInstance());
+ EntityInterface entity = new RetrieveEntity(1234);
+ EntityACLFactory fac = new EntityACLFactory();
+ fac.deny(AnonymousAuthenticationToken.PRINCIPAL, "RETRIEVE:ENTITY");
+ entity.setEntityACL(fac.create());
+ RetrieveContainer container = new RetrieveContainer(null, null, null, null);
+ assertTrue(entity.getMessages().isEmpty());
+ assertEquals(entity.getEntityStatus(), EntityStatus.QUALIFIED);
+ container.add(entity);
+ Retrieve retrieve = new Retrieve(container);
+ retrieve.postTransaction();
+ assertFalse(entity.getMessages().isEmpty());
+ assertEquals(entity.getMessages("error").get(0), ServerMessages.AUTHORIZATION_ERROR);
+ assertEquals(entity.getEntityStatus(), EntityStatus.UNQUALIFIED);
+ assertTrue(entity.getSerializeFieldStrategy() instanceof IdAndServerMessagesOnlyStrategy);
+ }
+}
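Review bot: `testMissingRetrievePermission` pins the explicit-deny case but not the input that motivated the change in `Retrieve.postTransaction`: an existing entity on which `setEntityACL` is never called is exactly what the old `getEntityACL() != null` condition let through unchecked, and nothing here asserts what happens to it now — add a second `@Test` that builds a `RetrieveEntity` without an ACL and asserts the intended outcome (denied with `ServerMessages.AUTHORIZATION_ERROR`, or at minimum that `postTransaction()` does not throw), and a third for an entity whose status is `EntityStatus.NONEXISTENT` to confirm it is skipped. The `assertEquals` calls pass arguments as (actual, expected), so a failure message would read backwards; JUnit's convention is expected first, e.g. `assertEquals(EntityStatus.UNQUALIFIED, entity.getEntityStatus());`. `subject.login(...)` has no matching `logout()`, so the anonymous Shiro subject bound to the thread leaks into any later test in the same JVM; call `SecurityUtils.getSubject().logout()` from an `@After` method.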