Ticket #977 (closed Defect: worksforme)
adapting dm4-geospatial to 4.7: catching the AccessControlException
Reported by: | Malte | Owned by: | Malte |
---|---|---|---|
Priority: | Major | Milestone: | Release 4.8.1 |
Component: | 3rd Party Plugins | Version: | 4.7 |
Keywords: | Cc: | jri | |
Complexity: | 3 | Area: | |
Module: |
Description
I would be glad if someone could review the following patch in the dm4-geospatial module for me. It needs to be adapted if, e.g. the topic index in the spatial layer is not accessible for the request/user.
https://github.com/mukil/dm4-geospatial/commit/a3e6fc1aef0e691061b0cf725c0f0a883f90b311
I was wondering why i must catch a RuntimeException? and cannot directly catch an AccessControlException?. Is this the way it must or should be? If there is a way to implement this better i would be happy if someone could point me in the right direction.
Thanks for your help!
Change History
comment:2 Changed 8 years ago by jri
Normally a developer is not supposed to deal with AccessControlExceptions.
So I would suggest the 2nd approach (check permission) as it is more "high-level".
comment:3 Changed 8 years ago by Malte
- Status changed from new to closed
- Resolution set to worksforme
Thanks for your help, i could realize the 2nd approach for the dm4-geospatial module.
Normally a developer is not supposed to deal with AccessControlExceptions?.
Another case is, if one wants to reuse an existing topic, that exists, but the requesting user has no permission to read it the following would throw an AccessControlException:
dm4.getTopicByValue("dm4.webbrowser.url", new SimpleValue(value.trim()));
Currently the plugin developer would need to expect an AccessControlException, am i correct?
When an error occurs in dm4.getTopic(id) the CoreService wraps the cause exception in a generic "Fetching topic failed" runtime exception. That's why you must catch RuntimeException.
To detect a nested AccessControlException (at any level) within another exception you could use this helper method (copied from Core util's UniversalExceptionMapper):
Instead of catching you could avoid throwing the exception in the first place by checking if the user has READ permission:
To get the username of the logged in user you can use the standard AccessControlService.