[ https://issues.apache.org/jira/browse/RAVE-400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13178491#comment-13178491 ]

Carl Hall edited comment on RAVE-400 at 1/3/12 1:55 AM:
--------------------------------------------------------

The 'afterInvocation' permission check performed by Spring after the widget is 
retrieved from widgetService.getWidgetByUrl(widget.getUrl()) fails. I've 
tracked this down to RavePermissionEvaluator.hasPermission. Checking the 
permission of the returned widget returns false because the widget found is 
null (null is expected for new URLs). Should 
RavePermissionEvaluator.hasPermission return false for all checked permissions 
on null objects?
                
      was (Author: thecarlhall):
    The 'afterInvocation' permission check performed by Spring after the widget 
is retrieved from widgetService.getWidgetByUrl(widget.getUrl()) fails. I've 
tracked this down to RavePermissionEvaluator.hasPermission. Checking the 
permission of the returned widget returns false because the widget found is 
null (null is expected for new URLs). RavePermissionEvaluator.hasPermission 
returns false for all checked permissions?
                  
> Update widget Location in admin interface - Widget detail give Access is 
> denied
> -------------------------------------------------------------------------------
>
>                 Key: RAVE-400
>                 URL: https://issues.apache.org/jira/browse/RAVE-400
>             Project: Rave
>          Issue Type: Bug
>            Reporter: Raminderjeet Singh
>
> If an admin tries to update the Widget location, an HTTP Status 403 - Access is 
> denied error occurs. Admin is allowed to update other fields.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
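
The failure mode described in the comment above, as an added plain-Java model (not Rave's or Spring's code; every class and method name here is hypothetical, and the owner-based permission rule is an assumption made for illustration). It contrasts a post-invocation check that sends a null return value through a fail-closed evaluator with one that only evaluates non-null results.

```java
import java.util.HashMap;
import java.util.Map;

// Plain-Java model of a post-invocation permission check; all names are hypothetical.
public class NullReturnPermissionDemo {
    record Widget(String url, String owner) {}

    // Fail-closed evaluator: a null target is denied, like any unknown object.
    static boolean hasPermission(String user, Object target, String permission) {
        if (target == null) return false;
        if (target instanceof Widget w) return w.owner().equals(user) && "read".equals(permission);
        return false;
    }

    static final Map<String, Widget> STORE = new HashMap<>();

    static Widget getWidgetByUrl(String url) { return STORE.get(url); } // null for a new URL

    // Strict post-check: every return value, null included, must pass the evaluator.
    static Widget lookupStrict(String user, String url) {
        Widget w = getWidgetByUrl(url);
        if (!hasPermission(user, w, "read")) throw new SecurityException("Access is denied");
        return w;
    }

    // Null-tolerant post-check: "nothing found" is not a protected object, so it passes;
    // non-null results still go through the evaluator.
    static Widget lookupNullTolerant(String user, String url) {
        Widget w = getWidgetByUrl(url);
        if (w != null && !hasPermission(user, w, "read")) throw new SecurityException("Access is denied");
        return w;
    }

    public static void main(String[] args) {
        String known = "http://example.com/a.xml";   // constructed sample data
        String fresh = "http://example.com/new.xml"; // constructed, never stored
        STORE.put(known, new Widget(known, "alice"));
        try {
            lookupStrict("alice", fresh);
        } catch (SecurityException e) {
            System.out.println("strict, new URL: " + e.getMessage());
        }
        System.out.println("null-tolerant, new URL: " + lookupNullTolerant("alice", fresh));
        System.out.println("null-tolerant, own widget: " + lookupNullTolerant("alice", known).url());
        try {
            lookupNullTolerant("bob", known);
        } catch (SecurityException e) {
            System.out.println("null-tolerant, other user's widget: " + e.getMessage());
        }
    }
}
```

With the null-tolerant form, a caller who lacks permission can tell an existing widget (denied) from a missing one (null), so it suits lookups where existence is not itself sensitive.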

        
