You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@rave.apache.org by "Anthony Carlucci (Created) (JIRA)" <ji...@apache.org> on 2011/11/01 15:57:32 UTC
[jira] [Created] (RAVE-331) Error when trying to upload a duplicate
gadget url to widget store
Error when trying to upload a duplicate gadget url to widget store
------------------------------------------------------------------
Key: RAVE-331
URL: https://issues.apache.org/jira/browse/RAVE-331
Project: Rave
Issue Type: Bug
Affects Versions: 0.5-INCUBATING
Reporter: Anthony Carlucci
Priority: Minor
How to Reproduce
--------------------------
1) Login to Rave as any user
2) Upload a gadget to the widget store - verify it was added successfully
3) Go back and try to add the same gadget url again
4) You will see the standard "rave has suffered a brief meltdown" page
The issue is that the DefaultWidgetService.registerNewWidget function returns a null Widget object if it finds the URL already in the system. The RavePermissionEvaluator.hasPermission functions are not properly dealing with potential null objects and thus a NPE is thrown.
How to Fix
----------------
1) Improve the RavePermissionEvaluator.hasPermission methods to check for and safely handle possible null objects.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (RAVE-331) Error when trying to upload a duplicate
gadget url to widget store
Posted by "Anthony Carlucci (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAVE-331?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Anthony Carlucci updated RAVE-331:
----------------------------------
Assignee: Jasha Joachimsthal (was: Anthony Carlucci)
Jasha - I've applied the fix to the RavePermissionEvaluator class to check for null domain objects. You should be able to apply your DuplicateItemException changes to the WidgetService#registerNewWidget now (RAVE-332).
> Error when trying to upload a duplicate gadget url to widget store
> ------------------------------------------------------------------
>
> Key: RAVE-331
> URL: https://issues.apache.org/jira/browse/RAVE-331
> Project: Rave
> Issue Type: Bug
> Affects Versions: 0.5-INCUBATING
> Reporter: Anthony Carlucci
> Assignee: Jasha Joachimsthal
> Priority: Minor
> Fix For: 0.6-INCUBATING
>
> Attachments: stacktrace.log
>
>
> How to Reproduce
> --------------------------
> 1) Login to Rave as any user
> 2) Upload a gadget to the widget store - verify it was added successfully
> 3) Go back and try to add the same gadget url again
> 4) You will see the standard "rave has suffered a brief meltdown" page
> The issue is that the DefaultWidgetService.registerNewWidget function returns a null Widget object if it finds the URL already in the system. The RavePermissionEvaluator.hasPermission functions are not properly dealing with potential null objects and thus a NPE is thrown.
> How to Fix
> ----------------
> 1) Improve the RavePermissionEvaluator.hasPermission methods to check for and safely handle possible null objects.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (RAVE-331) Error when trying to upload a
duplicate gadget url to widget store
Posted by "Jasha Joachimsthal (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAVE-331?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13143318#comment-13143318 ]
Jasha Joachimsthal commented on RAVE-331:
-----------------------------------------
As an admin (canonical) I also got the 403 when trying to add the widget that already existed in preview.
I'll create the isRegistered myself, probably tomorrow.
> Error when trying to upload a duplicate gadget url to widget store
> ------------------------------------------------------------------
>
> Key: RAVE-331
> URL: https://issues.apache.org/jira/browse/RAVE-331
> Project: Rave
> Issue Type: Bug
> Affects Versions: 0.5-INCUBATING
> Reporter: Anthony Carlucci
> Assignee: Anthony Carlucci
> Priority: Minor
> Fix For: 0.6-INCUBATING
>
> Attachments: stacktrace.log
>
>
> How to Reproduce
> --------------------------
> 1) Login to Rave as any user
> 2) Upload a gadget to the widget store - verify it was added successfully
> 3) Go back and try to add the same gadget url again
> 4) You will see the standard "rave has suffered a brief meltdown" page
> The issue is that the DefaultWidgetService.registerNewWidget function returns a null Widget object if it finds the URL already in the system. The RavePermissionEvaluator.hasPermission functions are not properly dealing with potential null objects and thus a NPE is thrown.
> How to Fix
> ----------------
> 1) Improve the RavePermissionEvaluator.hasPermission methods to check for and safely handle possible null objects.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (RAVE-331) Error when trying to upload a
duplicate gadget url to widget store
Posted by "Jasha Joachimsthal (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAVE-331?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13143243#comment-13143243 ]
Jasha Joachimsthal commented on RAVE-331:
-----------------------------------------
An admin should have read permission even if he is not the owner.
In this use case the isRegistered is good enough for everyone.
> Error when trying to upload a duplicate gadget url to widget store
> ------------------------------------------------------------------
>
> Key: RAVE-331
> URL: https://issues.apache.org/jira/browse/RAVE-331
> Project: Rave
> Issue Type: Bug
> Affects Versions: 0.5-INCUBATING
> Reporter: Anthony Carlucci
> Assignee: Anthony Carlucci
> Priority: Minor
> Fix For: 0.6-INCUBATING
>
> Attachments: stacktrace.log
>
>
> How to Reproduce
> --------------------------
> 1) Login to Rave as any user
> 2) Upload a gadget to the widget store - verify it was added successfully
> 3) Go back and try to add the same gadget url again
> 4) You will see the standard "rave has suffered a brief meltdown" page
> The issue is that the DefaultWidgetService.registerNewWidget function returns a null Widget object if it finds the URL already in the system. The RavePermissionEvaluator.hasPermission functions are not properly dealing with potential null objects and thus a NPE is thrown.
> How to Fix
> ----------------
> 1) Improve the RavePermissionEvaluator.hasPermission methods to check for and safely handle possible null objects.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (RAVE-331) Error when trying to upload a duplicate
gadget url to widget store
Posted by "Anthony Carlucci (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAVE-331?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Anthony Carlucci updated RAVE-331:
----------------------------------
Attachment: stacktrace.log
> Error when trying to upload a duplicate gadget url to widget store
> ------------------------------------------------------------------
>
> Key: RAVE-331
> URL: https://issues.apache.org/jira/browse/RAVE-331
> Project: Rave
> Issue Type: Bug
> Affects Versions: 0.5-INCUBATING
> Reporter: Anthony Carlucci
> Priority: Minor
> Attachments: stacktrace.log
>
>
> How to Reproduce
> --------------------------
> 1) Login to Rave as any user
> 2) Upload a gadget to the widget store - verify it was added successfully
> 3) Go back and try to add the same gadget url again
> 4) You will see the standard "rave has suffered a brief meltdown" page
> The issue is that the DefaultWidgetService.registerNewWidget function returns a null Widget object if it finds the URL already in the system. The RavePermissionEvaluator.hasPermission functions are not properly dealing with potential null objects and thus a NPE is thrown.
> How to Fix
> ----------------
> 1) Improve the RavePermissionEvaluator.hasPermission methods to check for and safely handle possible null objects.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (RAVE-331) Error when trying to upload a duplicate
gadget url to widget store
Posted by "Anthony Carlucci (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAVE-331?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Anthony Carlucci updated RAVE-331:
----------------------------------
Fix Version/s: 0.6-INCUBATING
> Error when trying to upload a duplicate gadget url to widget store
> ------------------------------------------------------------------
>
> Key: RAVE-331
> URL: https://issues.apache.org/jira/browse/RAVE-331
> Project: Rave
> Issue Type: Bug
> Affects Versions: 0.5-INCUBATING
> Reporter: Anthony Carlucci
> Priority: Minor
> Fix For: 0.6-INCUBATING
>
> Attachments: stacktrace.log
>
>
> How to Reproduce
> --------------------------
> 1) Login to Rave as any user
> 2) Upload a gadget to the widget store - verify it was added successfully
> 3) Go back and try to add the same gadget url again
> 4) You will see the standard "rave has suffered a brief meltdown" page
> The issue is that the DefaultWidgetService.registerNewWidget function returns a null Widget object if it finds the URL already in the system. The RavePermissionEvaluator.hasPermission functions are not properly dealing with potential null objects and thus a NPE is thrown.
> How to Fix
> ----------------
> 1) Improve the RavePermissionEvaluator.hasPermission methods to check for and safely handle possible null objects.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Assigned] (RAVE-331) Error when trying to upload a
duplicate gadget url to widget store
Posted by "Jasha Joachimsthal (Assigned) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAVE-331?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jasha Joachimsthal reassigned RAVE-331:
---------------------------------------
Assignee: Anthony Carlucci (was: Jasha Joachimsthal)
The permission check is too strict. Neither as admin nor as user I'm allowed to check if a widget exists for a given URL.
This should be possible for both a new URL and a URL that belongs to a widget that already exists but hasn't been published yet.
All my unit tests pass, but the real form submission fails with a 403 access denied.
> Error when trying to upload a duplicate gadget url to widget store
> ------------------------------------------------------------------
>
> Key: RAVE-331
> URL: https://issues.apache.org/jira/browse/RAVE-331
> Project: Rave
> Issue Type: Bug
> Affects Versions: 0.5-INCUBATING
> Reporter: Anthony Carlucci
> Assignee: Anthony Carlucci
> Priority: Minor
> Fix For: 0.6-INCUBATING
>
> Attachments: stacktrace.log
>
>
> How to Reproduce
> --------------------------
> 1) Login to Rave as any user
> 2) Upload a gadget to the widget store - verify it was added successfully
> 3) Go back and try to add the same gadget url again
> 4) You will see the standard "rave has suffered a brief meltdown" page
> The issue is that the DefaultWidgetService.registerNewWidget function returns a null Widget object if it finds the URL already in the system. The RavePermissionEvaluator.hasPermission functions are not properly dealing with potential null objects and thus a NPE is thrown.
> How to Fix
> ----------------
> 1) Improve the RavePermissionEvaluator.hasPermission methods to check for and safely handle possible null objects.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Assigned] (RAVE-331) Error when trying to upload a
duplicate gadget url to widget store
Posted by "Anthony Carlucci (Assigned) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAVE-331?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Anthony Carlucci reassigned RAVE-331:
-------------------------------------
Assignee: Anthony Carlucci
> Error when trying to upload a duplicate gadget url to widget store
> ------------------------------------------------------------------
>
> Key: RAVE-331
> URL: https://issues.apache.org/jira/browse/RAVE-331
> Project: Rave
> Issue Type: Bug
> Affects Versions: 0.5-INCUBATING
> Reporter: Anthony Carlucci
> Assignee: Anthony Carlucci
> Priority: Minor
> Fix For: 0.6-INCUBATING
>
> Attachments: stacktrace.log
>
>
> How to Reproduce
> --------------------------
> 1) Login to Rave as any user
> 2) Upload a gadget to the widget store - verify it was added successfully
> 3) Go back and try to add the same gadget url again
> 4) You will see the standard "rave has suffered a brief meltdown" page
> The issue is that the DefaultWidgetService.registerNewWidget function returns a null Widget object if it finds the URL already in the system. The RavePermissionEvaluator.hasPermission functions are not properly dealing with potential null objects and thus a NPE is thrown.
> How to Fix
> ----------------
> 1) Improve the RavePermissionEvaluator.hasPermission methods to check for and safely handle possible null objects.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (RAVE-331) Error when trying to upload a
duplicate gadget url to widget store
Posted by "Anthony Carlucci (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAVE-331?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13143412#comment-13143412 ]
Anthony Carlucci commented on RAVE-331:
---------------------------------------
If you haven't modified the registerNewUser function yet to throw the DuplicateItemException, then yes that is expected, because it returns null if it found a Widget already in the database. The permission evaluator then denies permission on a null Widget.
> Error when trying to upload a duplicate gadget url to widget store
> ------------------------------------------------------------------
>
> Key: RAVE-331
> URL: https://issues.apache.org/jira/browse/RAVE-331
> Project: Rave
> Issue Type: Bug
> Affects Versions: 0.5-INCUBATING
> Reporter: Anthony Carlucci
> Assignee: Anthony Carlucci
> Priority: Minor
> Fix For: 0.6-INCUBATING
>
> Attachments: stacktrace.log
>
>
> How to Reproduce
> --------------------------
> 1) Login to Rave as any user
> 2) Upload a gadget to the widget store - verify it was added successfully
> 3) Go back and try to add the same gadget url again
> 4) You will see the standard "rave has suffered a brief meltdown" page
> The issue is that the DefaultWidgetService.registerNewWidget function returns a null Widget object if it finds the URL already in the system. The RavePermissionEvaluator.hasPermission functions are not properly dealing with potential null objects and thus a NPE is thrown.
> How to Fix
> ----------------
> 1) Improve the RavePermissionEvaluator.hasPermission methods to check for and safely handle possible null objects.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (RAVE-331) Error when trying to upload a
duplicate gadget url to widget store
Posted by "Jasha Joachimsthal (Resolved) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAVE-331?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jasha Joachimsthal resolved RAVE-331.
-------------------------------------
Resolution: Fixed
Added isRegistered, admin can indeed call getWidgetByUrl
> Error when trying to upload a duplicate gadget url to widget store
> ------------------------------------------------------------------
>
> Key: RAVE-331
> URL: https://issues.apache.org/jira/browse/RAVE-331
> Project: Rave
> Issue Type: Bug
> Affects Versions: 0.5-INCUBATING
> Reporter: Anthony Carlucci
> Assignee: Anthony Carlucci
> Priority: Minor
> Fix For: 0.6-INCUBATING
>
> Attachments: stacktrace.log
>
>
> How to Reproduce
> --------------------------
> 1) Login to Rave as any user
> 2) Upload a gadget to the widget store - verify it was added successfully
> 3) Go back and try to add the same gadget url again
> 4) You will see the standard "rave has suffered a brief meltdown" page
> The issue is that the DefaultWidgetService.registerNewWidget function returns a null Widget object if it finds the URL already in the system. The RavePermissionEvaluator.hasPermission functions are not properly dealing with potential null objects and thus a NPE is thrown.
> How to Fix
> ----------------
> 1) Improve the RavePermissionEvaluator.hasPermission methods to check for and safely handle possible null objects.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (RAVE-331) Error when trying to upload a
duplicate gadget url to widget store
Posted by "Anthony Carlucci (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAVE-331?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13143237#comment-13143237 ]
Anthony Carlucci commented on RAVE-331:
---------------------------------------
Right - the READ permission in DefaultWidgetPermissionEvaluator is coded such that read permission is granted if the user is the owner of the widget or if the widget has a 'published' status (so that regular users can't access non published widgets). Sounds like we should add a new WidgetService method:
boolean isRegistered(String widgetUrl)
that we leave unsecured. So any user can check to see if a particular url has already been registered, but they don't necesarily get access to the object if it does exist. Thoughts?
> Error when trying to upload a duplicate gadget url to widget store
> ------------------------------------------------------------------
>
> Key: RAVE-331
> URL: https://issues.apache.org/jira/browse/RAVE-331
> Project: Rave
> Issue Type: Bug
> Affects Versions: 0.5-INCUBATING
> Reporter: Anthony Carlucci
> Assignee: Anthony Carlucci
> Priority: Minor
> Fix For: 0.6-INCUBATING
>
> Attachments: stacktrace.log
>
>
> How to Reproduce
> --------------------------
> 1) Login to Rave as any user
> 2) Upload a gadget to the widget store - verify it was added successfully
> 3) Go back and try to add the same gadget url again
> 4) You will see the standard "rave has suffered a brief meltdown" page
> The issue is that the DefaultWidgetService.registerNewWidget function returns a null Widget object if it finds the URL already in the system. The RavePermissionEvaluator.hasPermission functions are not properly dealing with potential null objects and thus a NPE is thrown.
> How to Fix
> ----------------
> 1) Improve the RavePermissionEvaluator.hasPermission methods to check for and safely handle possible null objects.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (RAVE-331) Error when trying to upload a
duplicate gadget url to widget store
Posted by "Anthony Carlucci (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAVE-331?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13143306#comment-13143306 ]
Anthony Carlucci commented on RAVE-331:
---------------------------------------
Yes, an admin gets all permissions in the Default[Model]PermissionEvaluators the way they are coded right now. The parent AbstractModelPermissionEvaluator#hasPermission function checks to see if the user is an admin, which superseeds all other permission checks.
Just to clarify - are you going to create the isRegistered function or did you want me to do it (fine either way)
> Error when trying to upload a duplicate gadget url to widget store
> ------------------------------------------------------------------
>
> Key: RAVE-331
> URL: https://issues.apache.org/jira/browse/RAVE-331
> Project: Rave
> Issue Type: Bug
> Affects Versions: 0.5-INCUBATING
> Reporter: Anthony Carlucci
> Assignee: Anthony Carlucci
> Priority: Minor
> Fix For: 0.6-INCUBATING
>
> Attachments: stacktrace.log
>
>
> How to Reproduce
> --------------------------
> 1) Login to Rave as any user
> 2) Upload a gadget to the widget store - verify it was added successfully
> 3) Go back and try to add the same gadget url again
> 4) You will see the standard "rave has suffered a brief meltdown" page
> The issue is that the DefaultWidgetService.registerNewWidget function returns a null Widget object if it finds the URL already in the system. The RavePermissionEvaluator.hasPermission functions are not properly dealing with potential null objects and thus a NPE is thrown.
> How to Fix
> ----------------
> 1) Improve the RavePermissionEvaluator.hasPermission methods to check for and safely handle possible null objects.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Issue Comment Edited] (RAVE-331) Error when trying to
upload a duplicate gadget url to widget store
Posted by "Anthony Carlucci (Issue Comment Edited) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/RAVE-331?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13143412#comment-13143412 ]
Anthony Carlucci edited comment on RAVE-331 at 11/3/11 6:28 PM:
----------------------------------------------------------------
If you haven't modified the registerNewWidget function yet to throw the DuplicateItemException, then yes that is expected, because it returns null if it found a Widget already in the database. The permission evaluator then denies permission on a null Widget.
was (Author: carlucci):
If you haven't modified the registerNewUser function yet to throw the DuplicateItemException, then yes that is expected, because it returns null if it found a Widget already in the database. The permission evaluator then denies permission on a null Widget.
> Error when trying to upload a duplicate gadget url to widget store
> ------------------------------------------------------------------
>
> Key: RAVE-331
> URL: https://issues.apache.org/jira/browse/RAVE-331
> Project: Rave
> Issue Type: Bug
> Affects Versions: 0.5-INCUBATING
> Reporter: Anthony Carlucci
> Assignee: Anthony Carlucci
> Priority: Minor
> Fix For: 0.6-INCUBATING
>
> Attachments: stacktrace.log
>
>
> How to Reproduce
> --------------------------
> 1) Login to Rave as any user
> 2) Upload a gadget to the widget store - verify it was added successfully
> 3) Go back and try to add the same gadget url again
> 4) You will see the standard "rave has suffered a brief meltdown" page
> The issue is that the DefaultWidgetService.registerNewWidget function returns a null Widget object if it finds the URL already in the system. The RavePermissionEvaluator.hasPermission functions are not properly dealing with potential null objects and thus a NPE is thrown.
> How to Fix
> ----------------
> 1) Improve the RavePermissionEvaluator.hasPermission methods to check for and safely handle possible null objects.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira