[ http://wso2.org/jira/browse/REGISTRY-209?page=all ]

Chathura Ekanayake updated REGISTRY-209:
----------------------------------------

    Priority: Critical  (was: Blocker)

Currently any user who has read permission on a resource is allowed to rate, 
tag and comment on resources. This is how we agreed to do it. By default the 
anonymous user gets read permission to all resources via the everyone role. So 
the anonymous user can rate, tag and comment on any resource (by default). When 
the session is expired, the next request is processed as the anonymous user and 
rating is a permitted action for him.

So the solution to this problem is to introduce new actions for rate, tag and 
comment and explicitly block permissions on those actions for the anonymous 
user. But such a considerable change is not safe at this point before the 
release. So I propose to do this after the 1.0 release.

> A rating done after session timeout gets stored as done by user 'Anonymous'
> ---------------------------------------------------------------------------
>
>                 Key: REGISTRY-209
>                 URL: http://wso2.org/jira/browse/REGISTRY-209
>             Project: WSO2 Registry
>          Issue Type: Bug
>          Components: core, UI
>    Affects Versions: 1.0
>         Environment: Linux/JDK 1.5.0_08/FF
>            Reporter: Tyrell Perera
>         Assigned To: Chathura Ekanayake
>            Priority: Critical
>
> How to reproduce:
>  1. Log in as admin/admin
>  2. Rate a resource
>  3. Let the session time out while still in that page
>  4. Do a rating after time out
> The UI user rating set of stars gets removed, probably indicating one needs 
> to log in before rating. However this change happens after the new rating 
> gets saved as a rating done by 'anonymous' (Verified by an activity search)
> Is this scenario handled as expected? Seems to me like the UI is supposed to 
> disable rating when a user is timed out from his/her session.

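The permission model discussed in the message above, as an added example that is not part of the original message and is not WSO2 Registry code. It contrasts authorizing a rating by the read permission with checking a separate rate action that is explicitly denied to the anonymous user. The class, the method names, the session map and the rule that an explicit deny overrides a role grant are all assumptions made for illustration.

```java
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

public class RatingAuthzDemo {
    enum Action { READ, RATE, TAG, COMMENT }
    static final String ANONYMOUS = "anonymous";

    // Expired or unknown session ids fall back to the anonymous user, as in the report.
    static String resolveUser(Map<String, String> liveSessions, String sessionId) {
        String user = liveSessions.get(sessionId);
        return user != null ? user : ANONYMOUS;
    }

    // Current behaviour: rate, tag and comment are all authorized by READ,
    // so the requested action itself is never consulted.
    static boolean allowedCurrent(Set<Action> everyoneGrants, Action requested) {
        return everyoneGrants.contains(Action.READ);
    }

    // Proposed behaviour: each action is checked by itself, and an explicit deny
    // for the user overrides whatever the everyone role grants (assumed precedence).
    static boolean allowedProposed(Set<Action> everyoneGrants,
                                   Map<String, Set<Action>> denies,
                                   String user, Action requested) {
        Set<Action> denied = denies.get(user);
        if (denied != null && denied.contains(requested)) {
            return false;
        }
        return everyoneGrants.contains(requested);
    }

    public static void main(String[] args) {
        Map<String, String> liveSessions = new HashMap<>();
        liveSessions.put("session-1", "admin");   // constructed sample session
        Map<String, Set<Action>> denies = new HashMap<>();
        denies.put(ANONYMOUS, EnumSet.of(Action.RATE, Action.TAG, Action.COMMENT));

        String before = resolveUser(liveSessions, "session-1");
        liveSessions.remove("session-1");          // the session times out
        String after = resolveUser(liveSessions, "session-1");

        Set<Action> currentGrants = EnumSet.of(Action.READ);
        Set<Action> proposedGrants = EnumSet.allOf(Action.class);
        System.out.println(after + " may rate (current):  " + allowedCurrent(currentGrants, Action.RATE));
        System.out.println(after + " may rate (proposed): " + allowedProposed(proposedGrants, denies, after, Action.RATE));
        System.out.println(after + " may read (proposed): " + allowedProposed(proposedGrants, denies, after, Action.READ));
        System.out.println(before + " may rate (proposed): " + allowedProposed(proposedGrants, denies, before, Action.RATE));
    }
}
```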