commit | 0f198448f3ec01087720469e3d39926f71023558 | [log] [tgz] |
---|---|---|
author | Stanton Sievers <ssievers@w2odigital.com> | Mon Aug 11 11:37:00 2014 -0400 |
committer | Stanton Sievers <ssievers@w2odigital.com> | Mon Aug 11 11:37:00 2014 -0400 |
tree | 41860b676b96733b4e14468e3b993f1eb595f9c2 | |
parent | 22e16c6aeafc7c3101bca3749fc074ebc60a23e6 [diff] |
RAVE-1274 | Ensure a null user won't throw an NPE
diff --git a/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/DefaultRegionPermissionEvaluator.java b/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/DefaultRegionPermissionEvaluator.java index 41f5d48..fb6cc19 100644 --- a/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/DefaultRegionPermissionEvaluator.java +++ b/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/DefaultRegionPermissionEvaluator.java
@@ -201,7 +201,8 @@ String viewer = ((User)authentication.getPrincipal()).getUsername(); do { for (PageUser pageUser:containerPage.getMembers()){ - if (userRepository.get(pageUser.getUserId()).getUsername().equals(viewer)){ + User user = userRepository.get(pageUser.getUserId()); + if (user != null && user.getUsername().equals(viewer)){ log.info("User "+viewer+" is a member of page "+containerPage.getId()); if(checkEditorStatus){ return pageUser.isEditor();
diff --git a/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/DefaultRegionWidgetPermissionEvaluator.java b/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/DefaultRegionWidgetPermissionEvaluator.java index 61ea4b6..d521e7f 100644 --- a/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/DefaultRegionWidgetPermissionEvaluator.java +++ b/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/DefaultRegionWidgetPermissionEvaluator.java
@@ -206,7 +206,8 @@ String viewer = ((User)authentication.getPrincipal()).getUsername(); do { for (PageUser pageUser:containerPage.getMembers()){ - if (userRepository.get(pageUser.getUserId()).getUsername().equals(viewer)){ + User user = userRepository.get(pageUser.getUserId()); + if (user != null && user.getUsername().equals(viewer)){ log.info("User "+viewer+" is a member of page "+containerPage.getId()); if(checkEditorStatus){ return pageUser.isEditor();