-
Bug
-
Resolution: Fixed
-
Critical
-
5.2
-
None
-
None
-
-
Empty show more show less
-
5.2-rc2
Users with limited access rights ('local admins') should be restricted to create new users within their folder hierarchy.
So as local admin with restricted user management rights when I try to create a user in the 'root folder', the dialog tells me that an error occurred (which is somehow OK because I don't have the right to do this).
The problem is that the user still is created in the root folder and visible to a superuser account.
This is the exception that is thrown when trying to save the new user in root (should be something like 'access denied'):
2013-11-14 13:33:13,789 ERROR nolia.ui.dialog.formdialog.FormDialogPresenterImpl: An error occurred while executing an action.
info.magnolia.ui.api.action.ActionExecutionException: javax.jcr.PathNotFoundException: doedel
at info.magnolia.security.app.dialog.action.SaveUserDialogAction.createOrUpdateUser(SaveUserDialogAction.java:159)
at info.magnolia.security.app.dialog.action.SaveUserDialogAction.execute(SaveUserDialogAction.java:88)
at info.magnolia.ui.api.action.AbstractActionExecutor.execute(AbstractActionExecutor.java:74)
at info.magnolia.ui.dialog.BaseDialogPresenter.executeAction(BaseDialogPresenter.java:180)
at info.magnolia.ui.dialog.BaseDialogPresenter.onActionFired(BaseDialogPresenter.java:171)
at info.magnolia.ui.dialog.actionarea.renderer.DefaultEditorActionRenderer$1.buttonClick(DefaultEditorActionRenderer.java:56)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.vaadin.event.ListenerMethod.receiveEvent(ListenerMethod.java:508)
at com.vaadin.event.EventRouter.fireEvent(EventRouter.java:167)
at com.vaadin.server.AbstractClientConnector.fireEvent(AbstractClientConnector.java:969)
at com.vaadin.ui.Button.fireClick(Button.java:368)
at com.vaadin.ui.Button$1.click(Button.java:57)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.vaadin.server.ServerRpcManager.applyInvocation(ServerRpcManager.java:168)
at com.vaadin.server.ServerRpcManager.applyInvocation(ServerRpcManager.java:118)
at com.vaadin.server.communication.ServerRpcHandler.handleBurst(ServerRpcHandler.java:214)
at com.vaadin.server.communication.ServerRpcHandler.handleRpc(ServerRpcHandler.java:111)
at com.vaadin.server.communication.UidlRequestHandler.synchronizedHandleRequest(UidlRequestHandler.java:91)
at com.vaadin.server.SynchronizedRequestHandler.handleRequest(SynchronizedRequestHandler.java:37)
at com.vaadin.server.VaadinService.handleRequest(VaadinService.java:1371)
at com.vaadin.server.VaadinServlet.service(VaadinServlet.java:238)
at info.magnolia.ui.admincentral.AdmincentralVaadinServlet.service(AdmincentralVaadinServlet.java:131)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
at info.magnolia.cms.filters.ServletDispatchingFilter.doFilter(ServletDispatchingFilter.java:129)
at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91)
at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:85)
at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:85)
at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:85)
at info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:67)
at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91)
at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
at info.magnolia.cms.filters.VirtualUriFilter.doFilter(VirtualUriFilter.java:70)
at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91)
at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
at info.magnolia.module.cache.executor.Bypass.processCacheRequest(Bypass.java:58)
at info.magnolia.module.cache.executor.CompositeExecutor.processCacheRequest(CompositeExecutor.java:66)
at info.magnolia.module.cache.filter.CacheFilter.doFilter(CacheFilter.java:153)
at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:61)
at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
at info.magnolia.cms.i18n.I18nContentSupportFilter.doFilter(I18nContentSupportFilter.java:76)
at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91)
at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
at info.magnolia.cms.filters.RangeSupportFilter.doFilter(RangeSupportFilter.java:86)
at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91)
at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
at info.magnolia.cms.security.BaseSecurityFilter.doFilter(BaseSecurityFilter.java:60)
at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91)
at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
at info.magnolia.cms.security.SecurityCallbackFilter.doFilter(SecurityCallbackFilter.java:86)
at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:61)
at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
at info.magnolia.cms.security.LogoutFilter.doFilter(LogoutFilter.java:93)
at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:61)
at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
at info.magnolia.module.templatingkit.filters.SiteMergeFilter.doFilter(SiteMergeFilter.java:106)
at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91)
at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
at info.magnolia.cms.filters.MultiChannelFilter.doFilter(MultiChannelFilter.java:82)
at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:61)
at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
at info.magnolia.module.cache.filter.GZipFilter.doFilter(GZipFilter.java:73)
at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:61)
at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:85)
at info.magnolia.cms.security.auth.login.LoginFilter.doFilter(LoginFilter.java:104)
at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91)
at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:85)
at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:85)
at info.magnolia.module.devicedetection.filter.DeviceDetectionFilter.doFilter(DeviceDetectionFilter.java:71)
at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:61)
at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
at info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:102)
at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91)
at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
at info.magnolia.cms.filters.ContextFilter.doFilter(ContextFilter.java:132)
at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91)
at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:83)
at info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:67)
at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:91)
at info.magnolia.cms.filters.SafeDestroyMgnlFilterWrapper.doFilter(SafeDestroyMgnlFilterWrapper.java:108)
at info.magnolia.cms.filters.MgnlFilterDispatcher.doDispatch(MgnlFilterDispatcher.java:67)
at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:108)
at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:94)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.__invoke(StandardContextValve.java:123)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.__invoke(StandardHostValve.java:171)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1041)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:603)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
at java.lang.Thread.run(Thread.java:680)
Caused by: javax.jcr.PathNotFoundException: doedel
at org.apache.jackrabbit.core.NodeImpl$8.perform(NodeImpl.java:2180)
at org.apache.jackrabbit.core.NodeImpl$8.perform(NodeImpl.java:2157)
at org.apache.jackrabbit.core.session.SessionState.perform(SessionState.java:216)
at org.apache.jackrabbit.core.ItemImpl.perform(ItemImpl.java:91)
at org.apache.jackrabbit.core.NodeImpl.getNode(NodeImpl.java:2157)
at info.magnolia.jcr.wrapper.DelegateNodeWrapper.getNode(DelegateNodeWrapper.java:197)
at info.magnolia.jcr.decoration.ContentDecoratorNodeWrapper.getNode(ContentDecoratorNodeWrapper.java:120)
at info.magnolia.jcr.wrapper.DelegateNodeWrapper.getNode(DelegateNodeWrapper.java:197)
at info.magnolia.jcr.decoration.ContentDecoratorNodeWrapper.getNode(ContentDecoratorNodeWrapper.java:120)
at info.magnolia.jcr.wrapper.DelegateNodeWrapper.getNode(DelegateNodeWrapper.java:197)
at info.magnolia.jcr.decoration.ContentDecoratorNodeWrapper.getNode(ContentDecoratorNodeWrapper.java:120)
at info.magnolia.security.app.dialog.action.SaveUserDialogAction.createOrUpdateUser(SaveUserDialogAction.java:117)
... 108 more