Opened 17 years ago
Closed 17 years ago
#690 closed defect (fixed)
Not allowed to read Extra value type
| Reported by: | base | Owned by: | Nicklas Nordborg |
|---|---|---|---|
| Priority: | minor | Milestone: | BASE 2.4 |
| Component: | web | Version: | |
| Keywords: | permissions | Cc: |
Description (last modified by )
I've loaded an experiment as an administrator, all within a project. Then I shared all items in the project to group "Everyone" (making Everyone a member of the project did not have the desired effect [see ticket #689]). When our guest user tries to view the experiment - the Properties and Overview tabs work OK, but the Bioassay sets tab fails (blank page). Tomcat log below. I think it's because I created an extravalue for the bioassay set. The extra value thingy doesn't seem to have a "Share..." option.
thanks, Bob MacCallum
13:26:36,341 ERROR [jsp]:253 - Servlet.service() for servlet jsp threw exception
net.sf.basedb.core.PermissionDeniedException: Permission denied: Not allowed to read Extra value type[id=1; name=De-logged int
ensity]
at net.sf.basedb.core.BasicItem.checkPermission(BasicItem.java:109)
at net.sf.basedb.core.DbControl.getItem(DbControl.java:793)
at net.sf.basedb.core.ExtraValue.getExtraValueType(ExtraValue.java:217)
at org.apache.jsp.views.experiments.bioassaysets.analysis_005ftree_jsp.appendNode(analysis_005ftree_jsp.java:164)
at org.apache.jsp.views.experiments.bioassaysets.analysis_005ftree_jsp.generateTree(analysis_005ftree_jsp.java:136)
at org.apache.jsp.views.experiments.bioassaysets.analysis_005ftree_jsp.generateTree(analysis_005ftree_jsp.java:137)
at org.apache.jsp.views.experiments.bioassaysets.analysis_005ftree_jsp.generateTree(analysis_005ftree_jsp.java:137)
at org.apache.jsp.views.experiments.bioassaysets.analysis_005ftree_jsp._jspService(analysis_005ftree_jsp.java:668)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:334)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672)
at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:574)
at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:499)
tack! Bob.
Change History (5)
comment:1 by , 17 years ago
comment:2 by , 17 years ago
| Description: | modified (diff) |
|---|---|
| Milestone: | → BASE 2.4 |
| Owner: | changed from to |
| Priority: | major → minor |
| Status: | new → assigned |
Hmmm... BASE by default give guests USE permission to extra value types. Maybe this has been changed by an admin some time ago... The easiest fix is to give the 'Guest' role permission read extra value types. Extra value types are global resources, much like file types, MIME types, etc. and all users should have access to them.
On the other hand, the code that is causing the exception should be more stable... this needs to be fixed. It should be simple enough to put a try-catch around the buggy line.
comment:3 by , 17 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
comment:4 by , 17 years ago
| Resolution: | fixed |
|---|---|
| Status: | closed → reopened |
Found a few more places where there is the same problem
comment:5 by , 17 years ago
| Resolution: | → fixed |
|---|---|
| Status: | reopened → closed |
Forgot to say that the experiment name is "Blood-fed adult female tissues" (already public data, don't worry)