Uploaded image for project: 'Contrib: Evaluation System'
  1. Contrib: Evaluation System
  2. EVALSYS-1150

Security exception while editing an expert item

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Verified
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.3.0
    • Fix Version/s: None
    • Component/s: Eval Setup
    • Labels:
      None

      Description

      Adding an expert item to a template, i.e. an assignments expert item, it's only possible to set 5 different items with 5 pt scales.

      After adding the item, we edit it and we have a lot of different scales to choose. If we select anyone and save, we got the next exception:

      2011-11-10 13:32:38,314 WARN (RSFActionHandler.java:235) - <Error invoking action>
      Target exception of class java.lang.SecurityException
      Successive lines until stack trace show causes progressing to exception site:
      Error invoking action
      --> Error invoking method saveBothAction in bean at path templateBBean.saveBothAction
      --> User (8da9ddb4-a743-4b32-b8e9-ed8196782279) cannot control item (7) without permissions
      java.lang.SecurityException: User (8da9ddb4-a743-4b32-b8e9-ed8196782279) cannot control item (7) without permissions
      at org.sakaiproject.evaluation.logic.externals.EvalSecurityChecksImpl.checkUserControlItem(EvalSecurityChecksImpl.java:166)
      at org.sakaiproject.evaluation.logic.EvalAuthoringServiceImpl.saveItem(EvalAuthoringServiceImpl.java:405)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
      at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
      at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
      at $Proxy66.saveItem(Unknown Source)
      at org.sakaiproject.evaluation.tool.LocalTemplateLogic.saveItem(LocalTemplateLogic.java:154)
      at org.sakaiproject.evaluation.tool.locators.TemplateItemWBL.saveBoth(TemplateItemWBL.java:136)
      at org.sakaiproject.evaluation.tool.TemplateBBean.saveBothAction(TemplateBBean.java:240)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at uk.org.ponder.reflect.JDKReflectiveCache.invokeMethod(JDKReflectiveCache.java:23)
      at uk.org.ponder.reflect.JDKReflectiveCache.invokeMethod(JDKReflectiveCache.java:17)
      at uk.org.ponder.reflect.JDKReflectiveCache.invokeMethod(JDKReflectiveCache.java:77)
      at uk.org.ponder.reflect.ReflectiveCache.invokeMethod(ReflectiveCache.java:141)
      at uk.org.ponder.mapping.support.DARApplier.invokeBeanMethod(DARApplier.java:179)
      at uk.org.ponder.rsf.state.support.RSVCApplier.invokeAction(RSVCApplier.java:218)
      at uk.org.ponder.rsf.processor.support.RSFActionHandler$1.run(RSFActionHandler.java:189)
      at uk.org.ponder.util.CollectingRunnableInvoker$1.run(CollectingRunnableInvoker.java:25)
      at uk.org.ponder.rsf.flow.support.BasicScopedAlterationWrapper.invokeRunnable(BasicScopedAlterationWrapper.java:59)
      at uk.org.ponder.rsf.flow.support.BasicScopedAlterationWrapper$$FastClassByCGLIB$$84f89202.invoke(<generated>)
      at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:149)
      at org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:628)
      at uk.org.ponder.rsf.flow.support.BasicScopedAlterationWrapper$$EnhancerByCGLIB$$715b903c.invokeRunnable(<generated>)
      at uk.org.ponder.rsf.flow.support.BasicScopedAlterationWrapper$$FastClassByCGLIB$$84f89202.invoke(<generated>)
      at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:149)
      at org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:628)
      at uk.org.ponder.rsf.flow.support.BasicScopedAlterationWrapper$$EnhancerByCGLIB$$715b903c.invokeRunnable(<generated>)
      at uk.org.ponder.util.CollectingRunnableInvoker$1.run(CollectingRunnableInvoker.java:29)
      at uk.org.ponder.util.CollectingRunnableInvoker.invokeWrappers(CollectingRunnableInvoker.java:22)
      at uk.org.ponder.util.CollectingRunnableInvoker.invokeRunnable(CollectingRunnableInvoker.java:14)
      at uk.org.ponder.rsf.processor.support.RSFActionHandler.handle(RSFActionHandler.java:165)
      at uk.org.ponder.rsf.processor.support.RSFActionHandler$$FastClassByCGLIB$$e3b6899d.invoke(<generated>)
      at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:149)
      at org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:628)
      at uk.org.ponder.rsf.processor.support.RSFActionHandler$$EnhancerByCGLIB$$8547b17.handle(<generated>)
      at uk.org.ponder.rsf.processor.support.RootHandlerBeanBase.handlePost(RootHandlerBeanBase.java:125)
      at uk.org.ponder.rsf.processor.support.RootHandlerBeanBase.handle(RootHandlerBeanBase.java:82)
      at org.sakaiproject.evaluation.tool.utils.RootHandlerBeanOverride.handle(RootHandlerBeanOverride.java:29)
      at sun.reflect.GeneratedMethodAccessor877.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at uk.org.ponder.reflect.JDKReflectiveCache.invokeMethod(JDKReflectiveCache.java:23)
      at uk.org.ponder.reflect.JDKReflectiveCache.invokeMethod(JDKReflectiveCache.java:17)
      at uk.org.ponder.reflect.JDKReflectiveCache.invokeMethod(JDKReflectiveCache.java:77)
      at uk.org.ponder.rsac.support.RSACBeanLocatorImpl.createBean(RSACBeanLocatorImpl.java:553)
      at uk.org.ponder.rsac.support.RSACBeanLocatorImpl.access$000(RSACBeanLocatorImpl.java:75)
      at uk.org.ponder.rsac.support.RSACBeanLocatorImpl$1.run(RSACBeanLocatorImpl.java:449)
      at org.sakaiproject.genericdao.hibernate.HibernateGenericDao.invokeTransactionalAccess(HibernateGenericDao.java:580)
      at sun.reflect.GeneratedMethodAccessor841.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
      at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
      at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
      at $Proxy35.invokeTransactionalAccess(Unknown Source)
      at org.sakaiproject.evaluation.dao.EvalDaoInvokerImpl.invokeTransactionalAccess(EvalDaoInvokerImpl.java:34)
      at org.sakaiproject.evaluation.tool.wrapper.ModelAccessWrapperInvoker.invokeRunnable(ModelAccessWrapperInvoker.java:44)
      at uk.org.ponder.rsac.support.RSACBeanLocatorImpl.createBean(RSACBeanLocatorImpl.java:447)
      at uk.org.ponder.rsac.support.RSACBeanLocatorImpl.access$000(RSACBeanLocatorImpl.java:75)
      at uk.org.ponder.rsac.support.RSACBeanLocatorImpl$1.run(RSACBeanLocatorImpl.java:449)
      at uk.org.ponder.rsac.RSACErrorBridge.invokeRunnable(RSACErrorBridge.java:38)
      at uk.org.ponder.rsac.support.RSACBeanLocatorImpl.createBean(RSACBeanLocatorImpl.java:447)
      at uk.org.ponder.rsac.support.RSACBeanLocatorImpl.getLocalBean(RSACBeanLocatorImpl.java:348)
      at uk.org.ponder.rsac.support.RSACBeanLocatorImpl.getBean(RSACBeanLocatorImpl.java:379)
      at uk.org.ponder.rsac.support.PerRequestInfo$1.locateBean(PerRequestInfo.java:49)
      at uk.ac.cam.caret.sakai.rsf.servlet.ReasonableSakaiServlet.service(ReasonableSakaiServlet.java:65)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
      at org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:597)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
      at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:659)
      at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:457)
      at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:359)
      at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:311)
      at org.sakaiproject.tool.impl.ActiveToolComponent$MyActiveTool.forward(ActiveToolComponent.java:512)
      at org.sakaiproject.portal.charon.SkinnableCharonPortal.forwardTool(SkinnableCharonPortal.java:1282)
      at org.sakaiproject.portal.charon.handlers.ToolHandler.doTool(ToolHandler.java:204)
      at org.sakaiproject.portal.charon.handlers.ToolHandler.doGet(ToolHandler.java:96)
      at org.sakaiproject.portal.charon.handlers.ToolHandler.doPost(ToolHandler.java:73)
      at org.sakaiproject.portal.charon.SkinnableCharonPortal.doPost(SkinnableCharonPortal.java:1126)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
      at org.sakaiproject.util.RequestFilter.doFilter(RequestFilter.java:658)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:879)
      at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
      at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
      at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
      at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
      at java.lang.Thread.run(Thread.java:619)

        Gliffy Diagrams

          Zeplin

            Attachments

              Activity

                People

                Assignee:
                Unassigned Unassigned
                Reporter:
                daniel.merino Daniel Merino Echeverría
                Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved:

                    Git Integration