Opened 16 years ago
Closed 16 years ago
#690 closed defect (fixed)
Not allowed to read Extra value type
| Reported by: | base | Owned by: | Nicklas Nordborg |
|---|---|---|---|
| Priority: | minor | Milestone: | BASE 2.4 |
| Component: | web | Version: | |
| Keywords: | permissions | Cc: |
Description (last modified by )
I've loaded an experiment as an administrator, all within a project. Then I shared all items in the project to group "Everyone" (making Everyone a member of the project did not have the desired effect [see ticket #689]). When our guest user tries to view the experiment - the Properties and Overview tabs work OK, but the Bioassay sets tab fails (blank page). Tomcat log below. I think it's because I created an extravalue for the bioassay set. The extra value thingy doesn't seem to have a "Share..." option.
thanks, Bob MacCallum?
13:26:36,341 ERROR [jsp]:253 - Servlet.service() for servlet jsp threw exception
net.sf.basedb.core.PermissionDeniedException: Permission denied: Not allowed to read Extra value type[id=1; name=De-logged int
ensity]
at net.sf.basedb.core.BasicItem.checkPermission(BasicItem.java:109)
at net.sf.basedb.core.DbControl.getItem(DbControl.java:793)
at net.sf.basedb.core.ExtraValue.getExtraValueType(ExtraValue.java:217)
at org.apache.jsp.views.experiments.bioassaysets.analysis_005ftree_jsp.appendNode(analysis_005ftree_jsp.java:164)
at org.apache.jsp.views.experiments.bioassaysets.analysis_005ftree_jsp.generateTree(analysis_005ftree_jsp.java:136)
at org.apache.jsp.views.experiments.bioassaysets.analysis_005ftree_jsp.generateTree(analysis_005ftree_jsp.java:137)
at org.apache.jsp.views.experiments.bioassaysets.analysis_005ftree_jsp.generateTree(analysis_005ftree_jsp.java:137)
at org.apache.jsp.views.experiments.bioassaysets.analysis_005ftree_jsp._jspService(analysis_005ftree_jsp.java:668)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:334)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672)
at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:574)
at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:499)
tack! Bob.
Change History (5)
comment:1 Changed 16 years ago by
comment:2 Changed 16 years ago by
| Description: | modified (diff) |
|---|---|
| Milestone: | → BASE 2.4 |
| Owner: | changed from everyone to Nicklas Nordborg |
| Priority: | major → minor |
| Status: | new → assigned |
Hmmm... BASE by default give guests USE permission to extra value types. Maybe this has been changed by an admin some time ago... The easiest fix is to give the 'Guest' role permission read extra value types. Extra value types are global resources, much like file types, MIME types, etc. and all users should have access to them.
On the other hand, the code that is causing the exception should be more stable... this needs to be fixed. It should be simple enough to put a try-catch around the buggy line.
comment:3 Changed 16 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
comment:4 Changed 16 years ago by
| Resolution: | fixed |
|---|---|
| Status: | closed → reopened |
Found a few more places where there is the same problem
comment:5 Changed 16 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | reopened → closed |
Forgot to say that the experiment name is "Blood-fed adult female tissues" (already public data, don't worry)