You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@wookie.apache.org by "Scott Wilson (JIRA)" <ji...@apache.org> on 2012/09/19 09:57:07 UTC
[jira] [Commented] (WOOKIE-379) POSTing a new Widget results in
incorrect access policy
[ https://issues.apache.org/jira/browse/WOOKIE-379?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13458489#comment-13458489 ]
Scott Wilson commented on WOOKIE-379:
-------------------------------------
This is caused by calling WidgetFactory from the WidgetController with grantAccessRequests = false. As there is currently no way to set a configuration for this, it makes more sense to set this to true, as is the case for deploying a widget locally in the file system, so that there is consistency. In the future we may want to allow an administrator to refuse to grant access policies to uploaded widgets; at the moment we rely on administrators checking the policies a widget is requesting, either before importing, or by inspecting the policies file, or by checking the logs.
> POSTing a new Widget results in incorrect access policy
> -------------------------------------------------------
>
> Key: WOOKIE-379
> URL: https://issues.apache.org/jira/browse/WOOKIE-379
> Project: Wookie
> Issue Type: Bug
> Components: Wookie REST API
> Affects Versions: 0.11.0
> Reporter: Scott Wilson
> Priority: Critical
> Fix For: 0.13.0
>
>
> POSTing a widget to /widgets results in an error in the policies file when the widget uses the <access> element. A policy is created, however it is set to DENY rather than ALLOW.
> Thanks to David Francisco for reporting this problem.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira