-
Bug
-
Resolution: Fixed
-
Critical
-
None
-
None
-
-
Empty show more show less
-
DevX 33
-
2
To access the Groovy App, a user needs to have the superuser or scripter role assigned.
There is a bug in the code, as it only checks, if the user has one of the above roles assigned directly. Transitive role assignment are effectively ignored by the code.
We stumbled upon this bug, as we are using the Magnolia SSO Module and it is effectively impossible to directly assign roles to users when using SSO. We can therefore not use the Groovy App at all, as access is restricted to transitive role members.
Steps to reproduce
- Create a new group and assign the superuser role to it
- Create a user, that has the newly created group assigned and does not have the superuser or scripter role assigned directly
- login with that user and try to access the Groovy App
Expected results
Should just work.
Actual results
Error Message:
User xyz is trying to use the Magnolia Groovy Interactive Console but is not authorized.
Workaround
If using SSO module, no workaround possible.
If not using SSO, only use directly assigned roles, which defeats the purpose of Groups and Roles...
Development notes
A bugfix pull request has been created:
https://git.magnolia-cms.com/projects/MODULES/repos/groovy/pull-requests/64/overview
1.
|
Implementation |
|
Completed | Jaroslav Simak | ||||||||
2.
|
Review |
|
Completed | Javier Benito | ||||||||
3.
|
piQA |
|
Completed | Javier Benito | ||||||||
4.
|
QA |
|
Closed | Oanh Thai Hoang |
|
