[
https://issues.apache.org/jira/browse/RAVE-303?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13129086#comment-13129086
]
Jasha Joachimsthal commented on RAVE-303:
-----------------------------------------
I prefer option #2
> Re-factor usage of PageService.addNewDefaultPage for security reasons
> ---------------------------------------------------------------------
>
> Key: RAVE-303
> URL: https://issues.apache.org/jira/browse/RAVE-303
> Project: Rave
> Issue Type: Improvement
> Reporter: Anthony Carlucci
>
> PageService.addNewDefaultPage is currently called by
> DefaultNewAccountService.createNewAccount after a new user is registered.
> However, with our new Model Permission security architecture being put in
> place this will fail due to the user not being authenticated at the time the
> addNewDefaultPage is executed. The code should be refactored to :
> 1) Remove the call to addNewDefaultPage in
> DefaultNewAccountService.createNewAccount
> 2) Add logic into PageController where appropriate so that if a user has 0
> pages, addNewDefaultPage is executed on-the-fly to create a new default page
> for them
> 3) Add security annotations to PageService.addNewDefaultPage
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
