[
https://issues.apache.org/jira/browse/WOOKIE-379?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13458489#comment-13458489
]
Scott Wilson commented on WOOKIE-379:
-------------------------------------
This is caused by calling WidgetFactory from the WidgetController with
grantAccessRequests = false. As there is currently no way to set a
configuration for this, it makes more sense to set this to true, as is the case
for deploying a widget locally in the file system, so that there is
consistency. In the future we may want to allow an administrator to refuse to
grant access policies to uploaded widgets; at the moment we rely on
administrators checking the policies a widget is requesting, either before
importing, or by inspecting the policies file, or by checking the logs.
> POSTing a new Widget results in incorrect access policy
> -------------------------------------------------------
>
> Key: WOOKIE-379
> URL: https://issues.apache.org/jira/browse/WOOKIE-379
> Project: Wookie
> Issue Type: Bug
> Components: Wookie REST API
> Affects Versions: 0.11.0
> Reporter: Scott Wilson
> Priority: Critical
> Fix For: 0.13.0
>
>
> POSTing a widget to /widgets results in an error in the policies file when
> the widget uses the <access> element. A policy is created, however it is set
> to DENY rather than ALLOW.
> Thanks to David Francisco for reporting this problem.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
