[
https://issues.apache.org/jira/browse/RAVE-400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13185355#comment-13185355
]
Raminderjeet Singh commented on RAVE-400:
-----------------------------------------
Finally found the problem and it was with
@PostAuthorize("hasPermission(returnObject, 'read')") in WidgetService. If the
Widget object is null hasPemission throws 403 Access is denied as described
here https://jira.springsource.org/browse/SEC-1525. To fix this i need to
change it to @PostAuthorize("returnObject == null or
hasPermission(returnObject, 'read')") .
> Update widget Location in admin interface - Widget detail give Access is
> denied
> -------------------------------------------------------------------------------
>
> Key: RAVE-400
> URL: https://issues.apache.org/jira/browse/RAVE-400
> Project: Rave
> Issue Type: Bug
> Reporter: Raminderjeet Singh
> Assignee: Raminderjeet Singh
>
> If admin try to update Widget location HTTP Status 403 - Access is denied
> error is coming. Admin is allowed to update other fields
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
