Uploaded image for project: 'Sakai'
  1. Sakai
  2. SAK-23804

Announcements service can generate "annc.null" events

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Verified
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.8.3, 2.9.2
    • Fix Version/s: 10.0
    • Labels:
      None
    • 2.9 Status:
      Merge
    • CLE Team Issue:
      Yes
    • Test Plan:
      Hide

      1. open up database client, e.g. Oracle SQL Developer for Oracle;

      2. issue the following sql query, which returns the most current event on top.
      select * from sakai_event order by event_date desc

      3. Go to a site with multiple announcement items, and post an new announcement;

      Prior to the fix, there should be multiple (# of existing announcement items) 'annc.null' events before the final annc.new event;

      After the fix, there is no 'annc.null' event, only 'annc.new' event.

      Show
      1. open up database client, e.g. Oracle SQL Developer for Oracle; 2. issue the following sql query, which returns the most current event on top. select * from sakai_event order by event_date desc 3. Go to a site with multiple announcement items, and post an new announcement; Prior to the fix, there should be multiple (# of existing announcement items) 'annc.null' events before the final annc.new event; After the fix, there is no 'annc.null' event, only 'annc.new' event.

      Description

      The announcements service can generate events like so (with an event of "annc.null"):
      EVENT_ID: 950053626
      EVENT_DATE: 2013-07-19 15:12:45
      EVENT: annc.null
      REF: /announcement/msg/222222/main/f83872cc-e4d0-4389-93ee-1af7294492b0
      CONTEXT: 222222
      SESSION_ID: XXXXXXXXXXXXXXXXXXXXXX
      EVENT_CODE: m

      This is because of a method called eventId which is called like so:

      groupRefs = m_authzGroupService.getAuthzGroupsIsAllowed(m_sessionManager.getCurrentSessionUserId(),
      eventId(function), groupRefs);

      That eventId method looks like this:
      protected String eventId(String secure)

      { return SECURE_ANNC_ROOT + secure; }

      The method does not check for or handle properly invalid inputs.

        Gliffy Diagrams

          Zeplin

            Attachments

              Issue Links

                Activity

                  People

                  Assignee:
                  zqian Zhen Qian
                  Reporter:
                  jkusnetz Jeremy Kusnetz
                  Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                    Dates

                    Created:
                    Updated:
                    Resolved:

                      Git Integration