[jira] [Commented] (CLEREZZA-520) WebID creation of non-admin users leads to a Basic-Auth login request

Thu, 12 May 2011 06:22:33 -0700 

    [ 
https://issues.apache.org/jira/browse/CLEREZZA-520?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13032397#comment-13032397
 ] 

Henry Story commented on CLEREZZA-520:
--------------------------------------

The problem is that 

val webIDInfo = webIdGraphsService.getWebIDInfo(webId)

Why gets the info from the repository is not in a priviledged section. It 
should be. This is one way of doing it:


diff --git 
a/parent/platform.accountcontrolpanel/platform.accountcontrolpanel.core/src/main/scala/org/apache/clerezza/platform/accountcontrolpanel/ProfilePanel.scala
 b/p
index a3e97b1..b28ea43 100644
--- 
a/parent/platform.accountcontrolpanel/platform.accountcontrolpanel.core/src/main/scala/org/apache/clerezza/platform/accountcontrolpanel/ProfilePanel.scala
+++ 
b/parent/platform.accountcontrolpanel/platform.accountcontrolpanel.core/src/main/scala/org/apache/clerezza/platform/accountcontrolpanel/ProfilePanel.scala
@@ -144,14 +144,14 @@ class ProfilePanel {
                           @PathParam(value = "id") userName: String): Response 
= {
                val ppd: UriRef = getSuggestedPPDUri(userName)
                val webId: UriRef = new UriRef(ppd.getUnicodeString + "#me")
-               val webIDInfo = webIdGraphsService.getWebIDInfo(webId)
-               webIDInfo.localGraph.addAll(
-                       Arrays.asList(
-                               new TripleImpl(ppd, RDF.`type`, 
FOAF.PersonalProfileDocument),
-                               new TripleImpl(ppd, FOAF.primaryTopic, webId))
-               )
                return AccessController.doPrivileged(new 
PrivilegedAction[Response] {
                        def run: Response = {
+                               val webIDInfo = 
webIdGraphsService.getWebIDInfo(webId)
+                               webIDInfo.localGraph.addAll(
+                                       Arrays.asList(
+                                               new TripleImpl(ppd, RDF.`type`, 
FOAF.PersonalProfileDocument),
+                                               new TripleImpl(ppd, 
FOAF.primaryTopic, webId))
+                               )
                                var userInSystemGraph: GraphNode = 
userManager.getUserInSystemGraph(userName)
                                userInSystemGraph.replaceWith(webId)
                                return 
RedirectUtil.createSeeOtherResponse("../profile", uriInfo)


> WebID creation of non-admin users leads to a Basic-Auth login request
> ---------------------------------------------------------------------
>
>                 Key: CLEREZZA-520
>                 URL: https://issues.apache.org/jira/browse/CLEREZZA-520
>             Project: Clerezza
>          Issue Type: Bug
>            Reporter: Henry Story
>
> - log in as admin
> - create a test user in the Administration->Users panel
> - make sure it has DefaultRole
> - logout
> - login as test user
> - Go to Administration->Account Control Panel and click on profile tab url: 
> /user/test/profile
> - click on Create New WebID
> - Click "Create It"   (do we really need this button too?)
> At this point the browser will ask for a basic auth login.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to