RAVE-1274 | Ensure a null user won't throw an NPE

commit: 0f198448f3ec01087720469e3d39926f71023558 [log] [tgz]
author: Stanton Sievers <ssievers@w2odigital.com> Mon Aug 11 11:37:00 2014 -0400
committer: Stanton Sievers <ssievers@w2odigital.com> Mon Aug 11 11:37:00 2014 -0400
tree: 41860b676b96733b4e14468e3b993f1eb595f9c2
parent: 22e16c6aeafc7c3101bca3749fc074ebc60a23e6 [diff]
diff --git a/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/DefaultRegionPermissionEvaluator.java b/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/DefaultRegionPermissionEvaluator.java
index 41f5d48..fb6cc19 100644
--- a/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/DefaultRegionPermissionEvaluator.java
+++ b/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/DefaultRegionPermissionEvaluator.java

@@ -201,7 +201,8 @@
         String viewer = ((User)authentication.getPrincipal()).getUsername();

         do {

             for (PageUser pageUser:containerPage.getMembers()){

-                if (userRepository.get(pageUser.getUserId()).getUsername().equals(viewer)){

+                User user = userRepository.get(pageUser.getUserId());

+                if (user != null && user.getUsername().equals(viewer)){

                     log.info("User "+viewer+" is a member of page "+containerPage.getId());

                     if(checkEditorStatus){

                         return pageUser.isEditor();


diff --git a/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/DefaultRegionWidgetPermissionEvaluator.java b/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/DefaultRegionWidgetPermissionEvaluator.java
index 61ea4b6..d521e7f 100644
--- a/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/DefaultRegionWidgetPermissionEvaluator.java
+++ b/rave-components/rave-core/src/main/java/org/apache/rave/portal/security/impl/DefaultRegionWidgetPermissionEvaluator.java

@@ -206,7 +206,8 @@
         String viewer = ((User)authentication.getPrincipal()).getUsername();

         do {

             for (PageUser pageUser:containerPage.getMembers()){

-                if (userRepository.get(pageUser.getUserId()).getUsername().equals(viewer)){

+                User user = userRepository.get(pageUser.getUserId());

+                if (user != null && user.getUsername().equals(viewer)){

                     log.info("User "+viewer+" is a member of page "+containerPage.getId());

                     if(checkEditorStatus){

                         return pageUser.isEditor();
commit	0f198448f3ec01087720469e3d39926f71023558	[log] [tgz]
author	Stanton Sievers <ssievers@w2odigital.com>	Mon Aug 11 11:37:00 2014 -0400
committer	Stanton Sievers <ssievers@w2odigital.com>	Mon Aug 11 11:37:00 2014 -0400
tree	41860b676b96733b4e14468e3b993f1eb595f9c2
parent	22e16c6aeafc7c3101bca3749fc074ebc60a23e6 [diff]