Bug 730122 - if user tries to view a group they do not have view permission/authz for, a Globally Uncaught IndexOutOfBoundsException error occurs
if user tries to view a group they do not have view permission/authz for, a G...
Status: CLOSED CURRENTRELEASE
Product: RHQ Project
Classification: Other
Component: Core UI (Show other bugs)
4.0.1
Unspecified Unspecified
high Severity medium (vote)
: ---
: ---
Assigned To: Ian Springer
Mike Foley
:
Depends On:
Blocks: jon3 rhq41 rhq41-ui
  Show dependency treegraph
 
Reported: 2011-08-11 16:06 EDT by Ian Springer
Modified: 2013-08-05 20:40 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-02-07 14:23:00 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Ian Springer 2011-08-11 16:06:53 EDT
Right after the IndexOutOfBoundsException error, a 2nd error message is emitted:

  Failed to load group composite for group with ID [xxxxx]

This error is more user friendly, which is good, but it can still use improvement. Since it is a known user-caused error condition, we should not mention low-level technical terms like "group composite". A better error message would be:

  The group with id xxxxxx either does not exist or you are not authorized to view it.


Here's the stack trace from the IndexOutOfBoundsException:

Globally uncaught exception
Severity :	
Error
	
Time :	
Thursday, August 11, 2011 3:50:44 PM Etc/GMT+4
Detail :	
java.lang.IndexOutOfBoundsException:Index: 0, Size: 0
--- STACK TRACE FOLLOWS ---
Index: 0, Size: 0
    at java.util.ArrayList.RangeCheck(ArrayList.java:547)
    at java.util.ArrayList.get(ArrayList.java:322)
    at org.rhq.enterprise.gui.coregui.client.inventory.groups.detail.ResourceGroupTreeView$5.onSuccess(ResourceGroupTreeView.java:272)
    at org.rhq.enterprise.gui.coregui.client.inventory.groups.detail.ResourceGroupTreeView$5.onSuccess(ResourceGroupTreeView.java:1)
    at com.google.gwt.user.client.rpc.impl.RequestCallbackAdapter.onResponseReceived(RequestCallbackAdapter.java:216)
    at org.rhq.enterprise.gui.coregui.client.util.rpc.TrackingRequestCallback.onResponseReceived(TrackingRequestCallback.java:68)
    at com.google.gwt.http.client.Request.fireOnResponseReceived(Request.java:287)
    at com.google.gwt.http.client.RequestBuilder$1.onReadyStateChange(RequestBuilder.java:393)
    at sun.reflect.GeneratedMethodAccessor28.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.google.gwt.dev.shell.MethodAdaptor.invoke(MethodAdaptor.java:103)
    at com.google.gwt.dev.shell.MethodDispatch.invoke(MethodDispatch.java:71)
    at com.google.gwt.dev.shell.OophmSessionHandler.invoke(OophmSessionHandler.java:157)
    at com.google.gwt.dev.shell.BrowserChannel.reactToMessagesWhileWaitingForReturn(BrowserChannel.java:1714)
    at com.google.gwt.dev.shell.BrowserChannelServer.invokeJavascript(BrowserChannelServer.java:165)
    at com.google.gwt.dev.shell.ModuleSpaceOOPHM.doInvoke(ModuleSpaceOOPHM.java:120)
    at com.google.gwt.dev.shell.ModuleSpace.invokeNative(ModuleSpace.java:507)
    at com.google.gwt.dev.shell.ModuleSpace.invokeNativeObject(ModuleSpace.java:264)
    at com.google.gwt.dev.shell.JavaScriptHost.invokeNativeObject(JavaScriptHost.java:91)
    at com.google.gwt.core.client.impl.Impl.apply(Impl.java)
    at com.google.gwt.core.client.impl.Impl.entry0(Impl.java:188)
    at sun.reflect.GeneratedMethodAccessor15.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at com.google.gwt.dev.shell.MethodAdaptor.invoke(MethodAdaptor.java:103)
    at com.google.gwt.dev.shell.MethodDispatch.invoke(MethodDispatch.java:71)
    at com.google.gwt.dev.shell.OophmSessionHandler.invoke(OophmSessionHandler.java:157)
    at com.google.gwt.dev.shell.BrowserChannel.reactToMessages(BrowserChannel.java:1669)
    at com.google.gwt.dev.shell.BrowserChannelServer.processConnection(BrowserChannelServer.java:401)
    at com.google.gwt.dev.shell.BrowserChannelServer.run(BrowserChannelServer.java:222)
    at java.lang.Thread.run(Thread.java:662)
Comment 1 Ian Springer 2011-08-11 16:10:03 EDT
Note, the same exception occurs if the user tries to view a non-existent group (e.g. #ResourceGroup/9999999).
Comment 2 Ian Springer 2011-08-17 12:26:43 EDT
[master 5025c94] fixes this. 

When the user tries to view a group that does not exist or one that they do not have authorization to view, they will be redirected to the #Inventory view, and a user-friendly warning message will be displayed in the message bar. The warning message that is emitted is user-friendly and does not use any low-level technical terms like "ResourceGroupComposite". No additional errors should appear in the message bar or the message center.

Note, there are two parts to QA:

1) try to view a group that not exist (eg - id=9999999)
2) try to view a group you are not authorized to view
Comment 3 Mike Foley 2011-08-17 14:56:46 EDT
verified as follows:

1) groups that don't exist
2) could not view groups not authorized to view
Comment 4 Mike Foley 2012-02-07 14:23:00 EST
changing status of VERIFIED BZs for JON 2.4.2 and JON 3.0 to CLOSED/CURRENTRELEASE

Note You need to log in before you can comment on or make changes to this bug.