Opened 17 years ago

Closed 17 years ago

#690 closed defect (fixed)

Not allowed to read Extra value type

Reported by: base Owned by: Nicklas Nordborg
Priority: minor Milestone: BASE 2.4
Component: web Version:
Keywords: permissions Cc:

Description (last modified by Nicklas Nordborg)

I've loaded an experiment as an administrator, all within a project. Then I shared all items in the project to group "Everyone" (making Everyone a member of the project did not have the desired effect [see ticket #689]). When our guest user tries to view the experiment - the Properties and Overview tabs work OK, but the Bioassay sets tab fails (blank page). Tomcat log below. I think it's because I created an extravalue for the bioassay set. The extra value thingy doesn't seem to have a "Share..." option.

thanks, Bob MacCallum

13:26:36,341 ERROR [jsp]:253 - Servlet.service() for servlet jsp threw exception
net.sf.basedb.core.PermissionDeniedException: Permission denied: Not allowed to read Extra value type[id=1; name=De-logged int
ensity]
        at net.sf.basedb.core.BasicItem.checkPermission(BasicItem.java:109)
        at net.sf.basedb.core.DbControl.getItem(DbControl.java:793)
        at net.sf.basedb.core.ExtraValue.getExtraValueType(ExtraValue.java:217)
        at org.apache.jsp.views.experiments.bioassaysets.analysis_005ftree_jsp.appendNode(analysis_005ftree_jsp.java:164)
        at org.apache.jsp.views.experiments.bioassaysets.analysis_005ftree_jsp.generateTree(analysis_005ftree_jsp.java:136)
        at org.apache.jsp.views.experiments.bioassaysets.analysis_005ftree_jsp.generateTree(analysis_005ftree_jsp.java:137)
        at org.apache.jsp.views.experiments.bioassaysets.analysis_005ftree_jsp.generateTree(analysis_005ftree_jsp.java:137)
        at org.apache.jsp.views.experiments.bioassaysets.analysis_005ftree_jsp._jspService(analysis_005ftree_jsp.java:668)
        at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
        at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:334)
        at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
        at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672)
        at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:574)
        at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:499)

tack! Bob.

Change History (5)

comment:1 by base, 17 years ago

Forgot to say that the experiment name is "Blood-fed adult female tissues" (already public data, don't worry)

comment:2 by Nicklas Nordborg, 17 years ago

Description: modified (diff)
Milestone: BASE 2.4
Owner: changed from everyone to Nicklas Nordborg
Priority: majorminor
Status: newassigned

Hmmm... BASE by default give guests USE permission to extra value types. Maybe this has been changed by an admin some time ago... The easiest fix is to give the 'Guest' role permission read extra value types. Extra value types are global resources, much like file types, MIME types, etc. and all users should have access to them.

On the other hand, the code that is causing the exception should be more stable... this needs to be fixed. It should be simple enough to put a try-catch around the buggy line.

comment:3 by Nicklas Nordborg, 17 years ago

Resolution: fixed
Status: assignedclosed

(In [3578]) Fixes #690: Not allowed to read Extra value type

comment:4 by Nicklas Nordborg, 17 years ago

Resolution: fixed
Status: closedreopened

Found a few more places where there is the same problem

comment:5 by Nicklas Nordborg, 17 years ago

Resolution: fixed
Status: reopenedclosed

(In [3580]) Fixes #690: Not allowed to read Extra value type

Note: See TracTickets for help on using tickets.