rave-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jasha Joachimsthal (Assigned) (JIRA)" <j...@apache.org>
Subject [jira] [Assigned] (RAVE-331) Error when trying to upload a duplicate gadget url to widget store
Date Thu, 03 Nov 2011 09:15:32 GMT

     [ https://issues.apache.org/jira/browse/RAVE-331?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Jasha Joachimsthal reassigned RAVE-331:
---------------------------------------

    Assignee: Anthony Carlucci  (was: Jasha Joachimsthal)

The permission check is too strict. Neither as admin nor as user I'm allowed to check if a
widget exists for a given URL.
This should be possible for both a new URL and a URL that belongs to a widget that already
exists but hasn't been published yet.
All my unit tests pass, but the real form submission fails with a 403 access denied.
                
> Error when trying to upload a duplicate gadget url to widget store
> ------------------------------------------------------------------
>
>                 Key: RAVE-331
>                 URL: https://issues.apache.org/jira/browse/RAVE-331
>             Project: Rave
>          Issue Type: Bug
>    Affects Versions: 0.5-INCUBATING
>            Reporter: Anthony Carlucci
>            Assignee: Anthony Carlucci
>            Priority: Minor
>             Fix For: 0.6-INCUBATING
>
>         Attachments: stacktrace.log
>
>
> How to Reproduce
> --------------------------
> 1) Login to Rave as any user
> 2) Upload a gadget to the widget store - verify it was added successfully
> 3) Go back and try to add the same gadget url again
> 4) You will see the standard "rave has suffered a brief meltdown" page
> The issue is that the DefaultWidgetService.registerNewWidget function returns a null
Widget object if it finds the URL already in the system.  The RavePermissionEvaluator.hasPermission
functions are not properly dealing with potential null objects and thus a NPE is thrown.
> How to Fix
> ----------------
> 1) Improve the RavePermissionEvaluator.hasPermission methods to check for and safely
handle possible null objects.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message