Uploaded image for project: 'Sakai'
  1. Sakai
  2. SAK-16909

Review option only works for users with site 'maintain' or 'CIG Coordinator' role

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: CLOSED
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.7.0
    • Fix Version/s: 2.7.0
    • Component/s: OSP: Portfolios
    • Labels:
      None

      Description

      If a user with 'Review' permission attempts to use the 'Set Reviewed' option, and does not have the 'maintain' or 'CIG Coordinator' role, an AuthorizationFailedException is thrown. Modifying a presentation currently relies on checking the permission at the controller level (which works fine), and at the implementation level, where it fails, since the edit permission set only for those roles mentioned above.

      caused by: org.theospi.portfolio.security.AuthorizationFailedException: Authorizing (osp.presentation.edit, A6710E468541970623FCEE798D4E586F)
      at org.theospi.portfolio.security.app.AuthorizationFacadeImpl.checkPermission(AuthorizationFacadeImpl.java:62)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
      at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
      at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
      at $Proxy20.checkPermission(null:-1)
      at org.theospi.portfolio.presentation.model.impl.PresentationManagerImpl.storePresentation(PresentationManagerImpl.java:620)
      at org.theospi.portfolio.presentation.model.impl.PresentationManagerImpl.storePresentation(PresentationManagerImpl.java:633)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
      at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
      at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
      at $Proxy27.storePresentation(null:-1)
      at org.theospi.portfolio.presentation.support.PresentationService.savePresentation(PresentationService.java:163)
      at org.theospi.portfolio.presentation.control.ReviewPresentationController.handleRequest(ReviewPresentationController.java:58)

        Gliffy Diagrams

          Zeplin

            Attachments

              Issue Links

                Activity

                  People

                  • Assignee:
                    bkirschn Beth Kirschner
                    Reporter:
                    bkirschn Beth Kirschner
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    0 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved:

                      Git Integration