Bug 113706
| Summary: | Edit, Delete phase links show up for user w/o perms, NPE if used. | | |
|---|---|---|---|
| Product: | [Retired] Red Hat Enterprise CMS | Reporter: | Jon Orris <jorris> |
| Component: | other | Assignee: | Jon Orris <jorris> |
| Status: | CLOSED RAWHIDE | QA Contact: | Jon Orris <jorris> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | nightly | CC: | ccm-bugs-list |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2004-01-26 15:26:42 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 106481 | | |

Description
Jon Orris
2004-01-16 18:09:44 UTC
Fixing the NPE is pretty trivial. It's this code in FormSecurityListener:

```java
if (m_item == null && sm.canAccess(user, m_action)) {
    return;
}

final ContentItem item = m_item.getContentItem(state);

if (sm.canAccess(user, m_action, item)) {
    return;
}

throw new AccessDeniedException();
```

Changing to `if(m_item == null) ... else ...` will give us an AccessDenied page instead of an error, at least.

Fixed @39710.

Note that this is only a partial fix for RC0, in that the links still show up. Only the NPE is fixed, so that an 'Access Denied' page is presented. Opened bug 114313 to track the links shown bug.
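
The fall-through described in the comment above, as an added Java example that is not the CMS source. `Checker`, `ItemModel`, the user and action strings and the deny-all checker are hypothetical stand-ins, and `checkFixed` is one reading of the if/else change the comment describes.

```java
// Added illustration; the types below are minimal stand-ins, not the CMS classes.
public class FormSecurityCheck {
    static class AccessDeniedException extends RuntimeException {}

    interface Checker {                               // stand-in for the page's `sm`
        boolean canAccess(String user, String action);
        boolean canAccess(String user, String action, Object item);
    }
    interface ItemModel { Object getContentItem(); }  // stand-in for `m_item`

    // Shape quoted in the report: with no item model and no privilege,
    // the first test is false and control reaches the dereference.
    static void checkOriginal(Checker sm, String user, String action, ItemModel m) {
        if (m == null && sm.canAccess(user, action)) { return; }
        final Object item = m.getContentItem();       // m may be null here
        if (sm.canAccess(user, action, item)) { return; }
        throw new AccessDeniedException();
    }

    // if/else shape: the null case is decided on its own branch, and every
    // path that does not explicitly allow ends in AccessDeniedException.
    static void checkFixed(Checker sm, String user, String action, ItemModel m) {
        if (m == null) {
            if (sm.canAccess(user, action)) { return; }
        } else {
            if (sm.canAccess(user, action, m.getContentItem())) { return; }
        }
        throw new AccessDeniedException();
    }

    // Runs a check and reports how it ended.
    static String outcome(Runnable check) {
        try { check.run(); return "allowed"; }
        catch (AccessDeniedException e) { return "access denied"; }
        catch (NullPointerException e) { return "NullPointerException"; }
    }

    public static void main(String[] args) {
        // Constructed case: a user with no privileges and no item model.
        Checker denyAll = new Checker() {
            public boolean canAccess(String u, String a) { return false; }
            public boolean canAccess(String u, String a, Object i) { return false; }
        };
        System.out.println("original: " + outcome(() -> checkOriginal(denyAll, "viewer", "edit_phase", null)));
        System.out.println("fixed:    " + outcome(() -> checkFixed(denyAll, "viewer", "edit_phase", null)));
    }
}
```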