You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@rave.apache.org by "Anthony Carlucci (Updated) (JIRA)" <ji...@apache.org> on 2011/10/18 22:45:10 UTC

[jira] [Updated] (RAVE-303) Re-factor usage of PageService.addNewDefaultPage for security reasons

     [ https://issues.apache.org/jira/browse/RAVE-303?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Anthony Carlucci updated RAVE-303:
----------------------------------

    Issue Type: Sub-task  (was: Improvement)
        Parent: RAVE-304
    
> Re-factor usage of PageService.addNewDefaultPage for security reasons
> ---------------------------------------------------------------------
>
>                 Key: RAVE-303
>                 URL: https://issues.apache.org/jira/browse/RAVE-303
>             Project: Rave
>          Issue Type: Sub-task
>            Reporter: Anthony Carlucci
>
> PageService.addNewDefaultPage is currently called by DefaultNewAccountService.createNewAccount after a new user is registered.  However, with our new Model Permission security architecture being put in place this will fail due to the user not being authenticated at the time the addNewDefaultPage is executed.  The code should be refactored to :
> 1) Remove the call to addNewDefaultPage in DefaultNewAccountService.createNewAccount
> 2) Add logic into PageController where appropriate so that if a user has 0 pages, addNewDefaultPage is executed on-the-fly to create a new default page for them
> 3) Add security annotations to PageService.addNewDefaultPage

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira