Details
-
Type:
Bug
-
Status: RESOLVED
-
Priority:
Critical
-
Resolution: Incorporated
-
Affects Version/s: 12.4
-
Fix Version/s: None
-
Component/s: None
-
Labels:None
-
Test Plan:
Description
Regression from SAK-40375
Logs show:
2018-09-11 12:27:37,300 ERROR ajp-nio-8010-exec-79 org.sakaiproject.component.gradebook.GradebookServiceHibernateImpl - AUTHORIZATION FAILURE: Student 49010386-a34d-42ff-815a-5e154c1b83fd in gradebook bc0bda2a-f78d-4d98-8765-450c5bea14d8 attempted to retrieve score for unreleased assignment Response Paper Two
Student gets a bug report.
Stack trace is:
caused by: org.sakaiproject.service.gradebook.shared.GradebookSecurityException: You do not have permission to perform this operation at org.sakaiproject.component.gradebook.GradebookServiceHibernateImpl$12.doInHibernate(GradebookServiceHibernateImpl.java:2473) at org.springframework.orm.hibernate4.HibernateTemplate.doExecute(HibernateTemplate.java:341) at org.springframework.orm.hibernate4.HibernateTemplate.execute(HibernateTemplate.java:296) at org.sakaiproject.component.gradebook.GradebookServiceHibernateImpl.getAssignmentScoreString(GradebookServiceHibernateImpl.java:2456) at org.sakaiproject.component.gradebook.GradebookServiceHibernateImpl.getAssignmentScoreString(GradebookServiceHibernateImpl.java:2524) at org.sakaiproject.component.gradebook.GradebookServiceHibernateImpl.getAssignmentScoreStringByNameOrId(GradebookServiceHibernateImpl.java:2532) at sun.reflect.GeneratedMethodAccessor5593.invoke(null:-1) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99) at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282) at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213) at com.sun.proxy.$Proxy96.getAssignmentScoreStringByNameOrId(null:-1) at org.sakaiproject.assignment.impl.AssignmentServiceImpl.getGradeForSubmitter(AssignmentServiceImpl.java:2286)
Code is:
// If this is the student, then the assignment needs to have // been released. if (studentRequestingOwnScore && !assignment.isReleased()) { log.error("AUTHORIZATION FAILURE: Student {} in gradebook {} attempted to retrieve score for unreleased assignment {}", getUserUid(), gradebookUid, assignment.getName()); throw new GradebookSecurityException(); }