Magnolia / MAGNOLIA-3899

PermissionUtil is too lax when converting permissions; it doesn't take into account custom permissions

Details

    • Bug
    • Resolution: Fixed
    • Blocker
    • 4.5
    • None
    • core
    • None

    Description

      In the forum module, for example, we added a specific "permission" (moderation). Its code is 64. When doing PermissionUtil.convertPermissions(64), we get an empty string, which is probably going to get the code further down to check for no permission instead of checking for the one we want. I don't suppose JCR/JackRabbit can handle custom permissions, so these conversion methods should probably just throw an exception.

      Consider the following test:

          @Test
          public void doesNotAccountForCustomPermissions() {
              try {
                  final String result = PermissionUtil.convertPermissions(64);
                  fail("Should have failed - but returned ["+result+"] instead.");
              } catch (IllegalArgumentException e) {
                  assertEquals("64 is not a standard permission code, please update your code to use XYZ instead.", e.getMessage());
              }
          }
      

      Setting the priority to blocker to make sure this gets fixed before the release. Please reset to an appropriate priority when fixed.
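
A fail-closed conversion of the kind the report asks for, as an added example that is not Magnolia's code and not part of the original issue. The class name, the bit values and the choice to reject an empty mask are assumptions made for illustration; only the JCR action names are the standard `javax.jcr.Session.ACTION_*` strings.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.StringJoiner;

public class StrictPermissionConverter {
    // Constructed bit values for illustration; not copied from Magnolia's Permission class.
    static final long ADD = 1, SET = 2, REMOVE = 4, READ = 8;
    static final long MODERATE = 64; // custom module permission, as in the report

    // Standard bits and the JCR action names they translate to.
    private static final Map<Long, String> JCR_ACTIONS = new LinkedHashMap<>();
    static {
        JCR_ACTIONS.put(READ, "read");
        JCR_ACTIONS.put(ADD, "add_node");
        JCR_ACTIONS.put(SET, "set_property");
        JCR_ACTIONS.put(REMOVE, "remove");
    }

    static String convert(long permissions) {
        long unknown = permissions;
        StringJoiner actions = new StringJoiner(",");
        for (Map.Entry<Long, String> e : JCR_ACTIONS.entrySet()) {
            if ((permissions & e.getKey()) != 0) {
                actions.add(e.getValue());
                unknown &= ~e.getKey(); // this bit is accounted for
            }
        }
        // Fail closed: a bit with no mapping is an error, never silently dropped.
        if (unknown != 0) {
            throw new IllegalArgumentException(unknown + " is not a standard permission code");
        }
        // Assumption: an empty mask is also rejected, so callers never check "no permission".
        if (actions.length() == 0) {
            throw new IllegalArgumentException("no permission bits set");
        }
        return actions.toString();
    }

    public static void main(String[] args) {
        System.out.println(convert(READ | SET));
        // A lax converter would return "" for the first mask and "read" for the second.
        for (long mask : new long[] {MODERATE, READ | MODERATE}) {
            try {
                System.out.println("unexpected: [" + convert(mask) + "]");
            } catch (IllegalArgumentException ex) {
                System.out.println("rejected " + mask + ": " + ex.getMessage());
            }
        }
    }
}
```

The mixed mask is the case to watch in review: dropping the unknown bit would let a check intended for the custom permission pass for any principal holding only the standard one.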

            People

              had Jan Haderka
              gjoseph Magnolia International