[SAK-40580] Error for students accessing assignments associated with GB when GB item is not released - Sakai

XML

Word

Printable

Details

Type: Bug
Status: RESOLVED
Priority: Critical
Resolution: Incorporated
Affects Version/s: 12.4
Fix Version/s: None
Component/s: None
Labels:
None

Test Plan:

Hide

In a course site:

1. Create a Gradebook item, "A1", "Release item to students?" should not be selected (unchecked)
2. Create an assignment, "A1", choose "Associate with existing Gradebook item" (A1)
3. As a student, submit to the assignment A1
4. As the same student from the Assignments home page, click on A1 assignment title

Bug report follows.

5. Assignments is now also broken for any other student (who may not have submitted).

Tested on 12.x nightly:

https://qa12-mysql.nightly.sakaiproject.org/portal/site/FPRE_426Q_6672/tool/e863b919-4aed-4713-ae77-c318b1339180

Show
In a course site: 1. Create a Gradebook item, "A1", "Release item to students?" should not be selected (unchecked) 2. Create an assignment, "A1", choose "Associate with existing Gradebook item" (A1) 3. As a student, submit to the assignment A1 4. As the same student from the Assignments home page, click on A1 assignment title Bug report follows. 5. Assignments is now also broken for any other student (who may not have submitted). Tested on 12.x nightly: https://qa12-mysql.nightly.sakaiproject.org/portal/site/FPRE_426Q_6672/tool/e863b919-4aed-4713-ae77-c318b1339180

Description

Regression from ~~SAK-40375~~

Logs show:

2018-09-11 12:27:37,300 ERROR ajp-nio-8010-exec-79 org.sakaiproject.component.gradebook.GradebookServiceHibernateImpl - AUTHORIZATION FAILURE: Student 49010386-a34d-42ff-815a-5e154c1b83fd in gradebook bc0bda2a-f78d-4d98-8765-450c5bea14d8 attempted to retrieve score for unreleased assignment Response Paper Two

Student gets a bug report.

Stack trace is:

caused by: org.sakaiproject.service.gradebook.shared.GradebookSecurityException: You do not have permission to perform this operation
at org.sakaiproject.component.gradebook.GradebookServiceHibernateImpl$12.doInHibernate(GradebookServiceHibernateImpl.java:2473)
at org.springframework.orm.hibernate4.HibernateTemplate.doExecute(HibernateTemplate.java:341)
at org.springframework.orm.hibernate4.HibernateTemplate.execute(HibernateTemplate.java:296)
at org.sakaiproject.component.gradebook.GradebookServiceHibernateImpl.getAssignmentScoreString(GradebookServiceHibernateImpl.java:2456)
at org.sakaiproject.component.gradebook.GradebookServiceHibernateImpl.getAssignmentScoreString(GradebookServiceHibernateImpl.java:2524)
at org.sakaiproject.component.gradebook.GradebookServiceHibernateImpl.getAssignmentScoreStringByNameOrId(GradebookServiceHibernateImpl.java:2532)
at sun.reflect.GeneratedMethodAccessor5593.invoke(null:-1)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
at com.sun.proxy.$Proxy96.getAssignmentScoreStringByNameOrId(null:-1)
at org.sakaiproject.assignment.impl.AssignmentServiceImpl.getGradeForSubmitter(AssignmentServiceImpl.java:2286)

Code is:

                 // If this is the student, then the assignment needs to have
                                // been released.
                                if (studentRequestingOwnScore && !assignment.isReleased()) {
                                        log.error("AUTHORIZATION FAILURE: Student {} in gradebook {} attempted to retrieve score for unreleased assignment {}", getUserUid(), gradebookUid, assignment.getName());
                                        throw new GradebookSecurityException();
                                }

Gliffy Diagrams

Zeplin

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

image-2018-09-11-14-30-10-691.png
64 kB
11-Sep-2018 13:30
screenshot-1.png
111 kB
11-Sep-2018 13:20
screenshot-2.png
61 kB
11-Sep-2018 13:34

Issue Links

is incorporated by

SAK-40548 One Syncronization problem between Gradebook and Assignments when releasing grades

Verified

relates to

SAK-40375 Syncronization problems between Gradebook and Assignments

Verified

Activity

People

Assignee:: Earle R Nietzel

Reporter:: Stephen Marquard

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 11-Sep-2018 07:44

Updated:: 11-Sep-2018 14:30

Resolved:: 11-Sep-2018 13:30

Details

Description

Gliffy Diagrams

Zeplin

Attachments

Attachments

Issue Links

Activity

People

Dates

Git Integration