[
https://issues.jboss.org/browse/GTNPORTAL-2230?page=com.atlassian.jira.pl...
]
Matt Wringe resolved GTNPORTAL-2230.
------------------------------------
Resolution: Done
Marking as resolved with the latest commit. If there is another issue please reopen.
Unauthorized access to Site Editor raises an unexpected JS error
alert
----------------------------------------------------------------------
Key: GTNPORTAL-2230
URL:
https://issues.jboss.org/browse/GTNPORTAL-2230
Project: GateIn Portal
Issue Type: Bug
Security Level: Public(Everyone can see)
Reporter: Matt Wringe
Assignee: Matt Wringe
See JBEPP-1191
Basically what is happening here
- we log out of the portal but still have a tab open where we can still click on links
like 'edit page'.
- id's for web ui components are different between a logged in user and an
unauthenticated user
- we click on 'edit page'
- this causes an ajax request to be created, but the component id we get is for the
unauthorized user (since the user already logged out).
- when the page tries to update itself it can't find this component in the current
document (the page we are on contains the authenticated user document)
currently when this occurs, an alert is created (which isn't all that helpful to what
the actual error is) and then it get stuck in an infinite loop. A timeout then occurs
which reloads the page, bringing in the unauthenticated user document. Since we are now on
the unauthenticated document, the component can be retrieved and the proper request can be
completed.
This error is a bit more broad than just what happens when a user logs in or out (for
example, lets say a webui component is removed from the portal, the same result would
occur). And it might not always be wise to just automatically reload the page if it
can't find the component to update (its not good if someone fills out a form and are
no longer authenticated when they click submit, causing the contents of the post to be
lost).
The best solution here is to probably throw an error message saying it can't find the
contents the ajax request is trying to access and recommend refreshing the page.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see:
http://www.atlassian.com/software/jira