Details
-
Bug
-
Resolution: Fixed
-
Critical
-
4.0, 4.1
-
None
-
rest, rights, path-based
-
Unknown
-
n/a
-
n/a
-
Description
To reproduce :
With a non-admin user, open a page in a subwiki of a path-based multiwiki, and in the javascript console run the following :
new Ajax.Request(new XWiki.Document("WebHome", "Sandbox").getURL(), {method: "GET"});
And then compare with the equivalent REST URL :
new Ajax.Request(new XWiki.Document("WebHome", "Sandbox").getRestURL(), {method: "GET"});
The second one answers 401 unauthorized.
The unauthorized status is returned in XWikiResource.java, around line 205 :
throw new WebApplicationException(Status.UNAUTHORIZED);, after no document is returned by the XWiki API.
Attachments
Issue Links
- relates to
-
CST-646 Loading...