[jira] [Commented] (RAVE-331) Error when trying to upload a duplicate gadget url to widget store

Thu, 03 Nov 2011 08:29:57 -0700 

    [ 
https://issues.apache.org/jira/browse/RAVE-331?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13143237#comment-13143237
 ] 

Anthony Carlucci commented on RAVE-331:
---------------------------------------

Right - the READ permission in DefaultWidgetPermissionEvaluator is coded such 
that read permission is granted if the user is the owner of the widget or if 
the widget has a 'published' status (so that regular users can't access non 
published widgets).  Sounds like we should add a new WidgetService method:

boolean isRegistered(String widgetUrl) 

that we leave unsecured.  So any user can check to see if a particular url has 
already been registered, but they don't necesarily get access to the object if 
it does exist.  Thoughts?
                
> Error when trying to upload a duplicate gadget url to widget store
> ------------------------------------------------------------------
>
>                 Key: RAVE-331
>                 URL: https://issues.apache.org/jira/browse/RAVE-331
>             Project: Rave
>          Issue Type: Bug
>    Affects Versions: 0.5-INCUBATING
>            Reporter: Anthony Carlucci
>            Assignee: Anthony Carlucci
>            Priority: Minor
>             Fix For: 0.6-INCUBATING
>
>         Attachments: stacktrace.log
>
>
> How to Reproduce
> --------------------------
> 1) Login to Rave as any user
> 2) Upload a gadget to the widget store - verify it was added successfully
> 3) Go back and try to add the same gadget url again
> 4) You will see the standard "rave has suffered a brief meltdown" page
> The issue is that the DefaultWidgetService.registerNewWidget function returns 
> a null Widget object if it finds the URL already in the system.  The 
> RavePermissionEvaluator.hasPermission functions are not properly dealing with 
> potential null objects and thus a NPE is thrown.
> How to Fix
> ----------------
> 1) Improve the RavePermissionEvaluator.hasPermission methods to check for and 
> safely handle possible null objects.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to