You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@rave.apache.org by "Anthony Carlucci (Commented) (JIRA)" <ji...@apache.org> on 2011/11/03 16:29:32 UTC
[jira] [Commented] (RAVE-331) Error when trying to upload a
duplicate gadget url to widget store
[ https://issues.apache.org/jira/browse/RAVE-331?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13143237#comment-13143237 ]
Anthony Carlucci commented on RAVE-331:
---------------------------------------
Right - the READ permission in DefaultWidgetPermissionEvaluator is coded such that read permission is granted if the user is the owner of the widget or if the widget has a 'published' status (so that regular users can't access non published widgets). Sounds like we should add a new WidgetService method:
boolean isRegistered(String widgetUrl)
that we leave unsecured. So any user can check to see if a particular url has already been registered, but they don't necesarily get access to the object if it does exist. Thoughts?
> Error when trying to upload a duplicate gadget url to widget store
> ------------------------------------------------------------------
>
> Key: RAVE-331
> URL: https://issues.apache.org/jira/browse/RAVE-331
> Project: Rave
> Issue Type: Bug
> Affects Versions: 0.5-INCUBATING
> Reporter: Anthony Carlucci
> Assignee: Anthony Carlucci
> Priority: Minor
> Fix For: 0.6-INCUBATING
>
> Attachments: stacktrace.log
>
>
> How to Reproduce
> --------------------------
> 1) Login to Rave as any user
> 2) Upload a gadget to the widget store - verify it was added successfully
> 3) Go back and try to add the same gadget url again
> 4) You will see the standard "rave has suffered a brief meltdown" page
> The issue is that the DefaultWidgetService.registerNewWidget function returns a null Widget object if it finds the URL already in the system. The RavePermissionEvaluator.hasPermission functions are not properly dealing with potential null objects and thus a NPE is thrown.
> How to Fix
> ----------------
> 1) Improve the RavePermissionEvaluator.hasPermission methods to check for and safely handle possible null objects.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira