Menu
▾
▴
[Treebase-guts] [ treebase-Bugs-2945440 ] User cannot download his trees within his own submission
|
From: SourceForge.net <no...@so...> - 2010-02-03 19:24:39
|
Bugs item #2945440, was opened at 2010-02-03 14:24 Message generated for change (Tracker Item Submitted) made by sfrgpiel You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=1126676&aid=2945440&group_id=248804 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: ui Group: None Status: Open Priority: 9 Private: No Submitted By: William Piel (sfrgpiel) Assigned to: Nobody/Anonymous (nobody) Summary: User cannot download his trees within his own submission Initial Comment: A basic user (in this case, username "tb3" with password "tb3", and submission 9923) who uploads a tree to his submission, is blocked from downloading the "reconstructed" tree from within the submission interface. To replicate the problem, login to submission 9923, go to the tree blocks: http://treebasedb-dev.nescent.org:6666/treebase-web/user/treeBlockList.html Then click on the "download reconstructed tree" links, e.g.: http://treebasedb-dev.nescent.org:6666/treebase-web/user/downloadATreeBlock.html?treeblockid=9662 The result is "Access denied. Sorry! your action is not authorized." If you look inside the tree block and then try to download a reconstructed tree, you get a "Uncaught Exception Encountered" (see text below). These errors may be related to a recent fix that Rutger made to prevent "in progress" data from being accessed anonymously. The rules should be the following: 1. Anonymous users can only access data associated with studies that are considered "published" unless they use a /phylows/ url with a valid x-access-code parameter. Access as study with a valid x-access-code provides access to download links within that study throughout that session. 2. Users who create a submission can alway access the data in that submission regardless of status, but they can only edit data if the submission is "in progress" 3. Admin and Associate Editors can both access and edit all data regardless of status. bp Uncaught Exception Encountered java.lang.NullPointerException at org.cipres.treebase.web.controllers.AbstractDownloadController.generateAFileDynamically(AbstractDownloadController.java:125) at org.cipres.treebase.web.controllers.DownloadATreeController.handleRequest(DownloadATreeController.java:76) at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:858) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:792) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:476) at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:431) at javax.servlet.http.HttpServlet.service(HttpServlet.java:627) at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.displaytag.filter.ResponseOverrideFilter.doFilter(ResponseOverrideFilter.java:125) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:198) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:119) at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:55) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:264) at org.acegisecurity.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:107) at org.acegisecurity.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:72) at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274) at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:110) at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274) at org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:81) at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274) at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:217) at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274) at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:191) at org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:274) at org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:148) at org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:90) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:837) at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:640) at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1286) at java.lang.Thread.run(Thread.java:636) Cookies: itemToHighlight=[http%3A//treebasedb-dev.nescent.org%3A6666/treebase-web/user/treeBlockList.html] itemToHighlight=[http%3A//treebasedb-dev.nescent.org%3A6666/treebase-web/user/submissionList.html] JSESSIONID=[A56E40E535C9BD4451883A467D1473F0] __utma=[53240375.1924499357.1236724314.1264137469.1264687265.41] __utmz=[53240375.1263756485.39.6.utmccn] ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=1126676&aid=2945440&group_id=248804 |
