You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@rave.apache.org by "Carl Hall (Issue Comment Edited) (JIRA)" <ji...@apache.org> on 2012/01/03 02:56:21 UTC

[jira] [Issue Comment Edited] (RAVE-400) Update widget Location in admin interface - Widget detail give Access is denied

    [ https://issues.apache.org/jira/browse/RAVE-400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13178491#comment-13178491 ] 

Carl Hall edited comment on RAVE-400 at 1/3/12 1:55 AM:
--------------------------------------------------------

The 'afterInvocation' permission check performed by Spring after the widget is retrieved from widgetService.getWidgetByUrl(widget.getUrl()) fails. I've tracked this down to RavePermissionEvaluator.hasPermission. Checking the permission of the returned widget returns false because the widget found is null (null is expected for new URLs). Should RavePermissionEvaluator.hasPermission return false for all checked permissions on null objects?
                
      was (Author: thecarlhall):
    The 'afterInvocation' permission check performed by Spring after the widget is retrieved from widgetService.getWidgetByUrl(widget.getUrl()) fails. I've tracked this down to RavePermissionEvaluator.hasPermission. Checking the permission of the returned widget returns false because the widget found is null (null is expected for new URLs). RavePermissionEvaluator.hasPermission returns false for all checked permissions?
                  
> Update widget Location in admin interface - Widget detail give Access is denied
> -------------------------------------------------------------------------------
>
>                 Key: RAVE-400
>                 URL: https://issues.apache.org/jira/browse/RAVE-400
>             Project: Rave
>          Issue Type: Bug
>            Reporter: Raminderjeet Singh
>
> If admin try to update Widget location HTTP Status 403 - Access is denied error is coming. Admin is allowed to update other fields 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira