Sakai / SAK-40580

Error for students accessing assignments associated with GB when GB item is not released

    Details

    • Type: Bug
    • Status: RESOLVED
    • Priority: Critical
    • Resolution: Incorporated
    • Affects Version/s: 12.4
    • Fix Version/s: None
    • Component/s: None
    • Labels: None
    • Test Plan:

      In a course site:

      1. Create a Gradebook item, "A1", "Release item to students?" should not be selected (unchecked)
      2. Create an assignment, "A1", choose "Associate with existing Gradebook item" (A1)
      3. As a student, submit to the assignment A1
      4. As the same student from the Assignments home page, click on A1 assignment title

      Bug report follows.

      5. Assignments is now also broken for any other student (who may not have submitted).

      Tested on 12.x nightly:

      https://qa12-mysql.nightly.sakaiproject.org/portal/site/FPRE_426Q_6672/tool/e863b919-4aed-4713-ae77-c318b1339180


      Description

      Regression from SAK-40375

      Logs show:

      2018-09-11 12:27:37,300 ERROR ajp-nio-8010-exec-79 org.sakaiproject.component.gradebook.GradebookServiceHibernateImpl - AUTHORIZATION FAILURE: Student 49010386-a34d-42ff-815a-5e154c1b83fd in gradebook bc0bda2a-f78d-4d98-8765-450c5bea14d8 attempted to retrieve score for unreleased assignment Response Paper Two

      Student gets a bug report.

      Stack trace is:

      caused by: org.sakaiproject.service.gradebook.shared.GradebookSecurityException: You do not have permission to perform this operation
      at org.sakaiproject.component.gradebook.GradebookServiceHibernateImpl$12.doInHibernate(GradebookServiceHibernateImpl.java:2473)
      at org.springframework.orm.hibernate4.HibernateTemplate.doExecute(HibernateTemplate.java:341)
      at org.springframework.orm.hibernate4.HibernateTemplate.execute(HibernateTemplate.java:296)
      at org.sakaiproject.component.gradebook.GradebookServiceHibernateImpl.getAssignmentScoreString(GradebookServiceHibernateImpl.java:2456)
      at org.sakaiproject.component.gradebook.GradebookServiceHibernateImpl.getAssignmentScoreString(GradebookServiceHibernateImpl.java:2524)
      at org.sakaiproject.component.gradebook.GradebookServiceHibernateImpl.getAssignmentScoreStringByNameOrId(GradebookServiceHibernateImpl.java:2532)
      at sun.reflect.GeneratedMethodAccessor5593.invoke(null:-1)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
      at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
      at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
      at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
      at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
      at com.sun.proxy.$Proxy96.getAssignmentScoreStringByNameOrId(null:-1)
      at org.sakaiproject.assignment.impl.AssignmentServiceImpl.getGradeForSubmitter(AssignmentServiceImpl.java:2286)
      
      

      Code is:

      // If this is the student, then the assignment needs to have
      // been released.
      if (studentRequestingOwnScore && !assignment.isReleased()) {
              log.error("AUTHORIZATION FAILURE: Student {} in gradebook {} attempted to retrieve score for unreleased assignment {}", getUserUid(), gradebookUid, assignment.getName());
              throw new GradebookSecurityException();
      }
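
The ERROR line above is emitted by ordinary student navigation, so it can read like an access-control violation in log review. The following triage script is an added example, not part of the original report or of Sakai: it parses that message format and groups failures by gradebook and assignment. The sample lines, their ids, and the "several distinct students on one item suggests a functional regression" threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Regex built from the message format in the report's log line and log.error() call.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) ERROR \S+ "
    r"org\.sakaiproject\.component\.gradebook\.GradebookServiceHibernateImpl - "
    r"AUTHORIZATION FAILURE: Student (?P<student>\S+) in gradebook "
    r"(?P<gradebook>\S+) attempted to retrieve score for unreleased "
    r"assignment (?P<assignment>.+)$"  # assignment names may contain spaces
)

def _line(sec, student, gradebook, name):
    """Build one constructed sample line in the format shown in the report."""
    return (f"2018-09-11 12:27:{sec:02d},300 ERROR ajp-nio-8010-exec-1 "
            "org.sakaiproject.component.gradebook.GradebookServiceHibernateImpl - "
            f"AUTHORIZATION FAILURE: Student {student} in gradebook {gradebook} "
            f"attempted to retrieve score for unreleased assignment {name}")

# Constructed sample input (ids are placeholders, not real Sakai ids).
SAMPLE_LOG = [
    _line(1, "student-0001", "gb-0001", "A1"),
    _line(2, "student-0002", "gb-0001", "A1"),
    _line(3, "student-0001", "gb-0001", "A1"),
    _line(4, "student-0003", "gb-0002", "Essay Two Draft"),
    "2018-09-11 12:27:05,300 INFO main some.other.Logger - unrelated line",
]

def parse_line(line):
    """Return the fields of one AUTHORIZATION FAILURE line, or None."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def triage(lines, min_students=2):
    """Group failures per (gradebook, assignment) and label each group.

    Assumed heuristic: min_students or more distinct students failing on the
    same unreleased item points at a tool regression, not one user's actions.
    """
    students, hits = defaultdict(set), defaultdict(int)
    for rec in filter(None, map(parse_line, lines)):
        key = (rec["gradebook"], rec["assignment"])
        students[key].add(rec["student"])
        hits[key] += 1
    return [{"gradebook": gb, "assignment": name,
             "students": len(students[gb, name]), "hits": hits[gb, name],
             "verdict": ("likely-regression"
                         if len(students[gb, name]) >= min_students
                         else "review-user")}
            for gb, name in sorted(students)]
```
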
      

                People

                • Assignee: ern Earle R Nietzel
                • Reporter: smarquard Stephen Marquard