Uploaded image for project: 'Magnolia UI'
  1. Magnolia UI
  2. MGNLUI-2642

Publisher should not be allowed to open 'add page' dialog under /demo-project

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Major Major
    • None
    • 5.2.1
    • pages app

      As a publisher (peter) i can open add page dialog. This shouldn't be possible as peter has read-only permissions for nodes.

      Note: if add page dialog is opened, this error can be seen in logs.

      2014-01-30 10:09:53,017 ERROR nolia.pages.app.field.TemplateSelectorFieldFactory: Could not create temporary node to get available templates.
javax.jcr.AccessDeniedException: Access denied.
	at org.apache.jackrabbit.core.security.DefaultAccessManager.checkPermission(DefaultAccessManager.java:193)
	at org.apache.jackrabbit.core.NodeImpl.addNode(NodeImpl.java:1266)
	at org.apache.jackrabbit.core.session.AddNodeOperation.perform(AddNodeOperation.java:111)
	at org.apache.jackrabbit.core.session.AddNodeOperation.perform(AddNodeOperation.java:37)
	at org.apache.jackrabbit.core.session.SessionState.perform(SessionState.java:216)
	at org.apache.jackrabbit.core.ItemImpl.perform(ItemImpl.java:91)
	at org.apache.jackrabbit.core.NodeImpl.addNodeWithUuid(NodeImpl.java:1814)
	at org.apache.jackrabbit.core.NodeImpl.addNode(NodeImpl.java:1774)
	at info.magnolia.jcr.wrapper.DelegateNodeWrapper.addNode(DelegateNodeWrapper.java:122)
	at info.magnolia.jcr.decoration.ContentDecoratorNodeWrapper.addNode(ContentDecoratorNodeWrapper.java:115)
	at info.magnolia.jcr.wrapper.MgnlPropertySettingNodeWrapper.addNode(MgnlPropertySettingNodeWrapper.java:210)
	at info.magnolia.jcr.wrapper.DelegateNodeWrapper.addNode(DelegateNodeWrapper.java:122)
	at info.magnolia.jcr.decoration.ContentDecoratorNodeWrapper.addNode(ContentDecoratorNodeWrapper.java:115)
	at info.magnolia.jcr.wrapper.DelegateNodeWrapper.addNode(DelegateNodeWrapper.java:122)
	at info.magnolia.jcr.decoration.ContentDecoratorNodeWrapper.addNode(ContentDecoratorNodeWrapper.java:115)
	at info.magnolia.audit.MgnlAuditLoggingContentDecoratorNodeWrapper.addNode(MgnlAuditLoggingContentDecoratorNodeWrapper.java:84)
	at info.magnolia.pages.app.field.TemplateSelectorFieldFactory.getSelectFieldOptionDefinition(TemplateSelectorFieldFactory.java:90)
	at info.magnolia.ui.form.field.factory.SelectFieldFactory.buildOptions(SelectFieldFactory.java:129)
	at info.magnolia.ui.form.field.factory.SelectFieldFactory.createFieldComponent(SelectFieldFactory.java:96)
	at info.magnolia.ui.form.field.factory.SelectFieldFactory.createFieldComponent(SelectFieldFactory.java:71)
	at info.magnolia.ui.form.field.factory.AbstractFieldFactory.createField(AbstractFieldFactory.java:104)
	at info.magnolia.ui.dialog.formdialog.FormBuilder.buildReducedForm(FormBuilder.java:165)
	at info.magnolia.ui.dialog.formdialog.FormBuilder.buildForm(FormBuilder.java:106)
	at info.magnolia.ui.dialog.formdialog.FormDialogPresenterImpl.buildView(FormDialogPresenterImpl.java:133)
	at info.magnolia.ui.dialog.formdialog.FormDialogPresenterImpl.start(FormDialogPresenterImpl.java:115)
	at info.magnolia.ui.dialog.formdialog.FormDialogPresenterImpl.start(FormDialogPresenterImpl.java:91)
	at info.magnolia.ui.framework.action.OpenCreateDialogAction.execute(OpenCreateDialogAction.java:81)
	at info.magnolia.ui.api.action.AbstractActionExecutor.execute(AbstractActionExecutor.java:74)
	at info.magnolia.ui.contentapp.browser.BrowserPresenter.executeAction(BrowserPresenter.java:391)
	at info.magnolia.ui.contentapp.browser.BrowserPresenter.onActionbarItemClicked(BrowserPresenter.java:331)
	at info.magnolia.ui.actionbar.ActionbarPresenter.onActionbarItemClicked(ActionbarPresenter.java:183)
	at info.magnolia.ui.vaadin.actionbar.Actionbar$1.onActionTriggered(Actionbar.java:70)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at com.vaadin.server.ServerRpcManager.applyInvocation(ServerRpcManager.java:168)
	at com.vaadin.server.ServerRpcManager.applyInvocation(ServerRpcManager.java:118)
	at com.vaadin.server.communication.ServerRpcHandler.handleBurst(ServerRpcHandler.java:214)
	at com.vaadin.server.communication.ServerRpcHandler.handleRpc(ServerRpcHandler.java:111)
	at com.vaadin.server.communication.UidlRequestHandler.synchronizedHandleRequest(UidlRequestHandler.java:91)
	at com.vaadin.server.SynchronizedRequestHandler.handleRequest(SynchronizedRequestHandler.java:37)
	at com.vaadin.server.VaadinService.handleRequest(VaadinService.java:1371)
	at com.vaadin.server.VaadinServlet.service(VaadinServlet.java:238)
	at info.magnolia.ui.admincentral.AdmincentralVaadinServlet.service(AdmincentralVaadinServlet.java:131)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
	at info.magnolia.cms.filters.ServletDispatchingFilter.doFilter(ServletDispatchingFilter.java:126)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:82)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:82)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:82)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:82)
	at info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.cms.filters.VirtualUriFilter.doFilter(VirtualUriFilter.java:68)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.module.cache.executor.Bypass.processCacheRequest(Bypass.java:58)
	at info.magnolia.module.cache.executor.CompositeExecutor.processCacheRequest(CompositeExecutor.java:66)
	at info.magnolia.module.cache.filter.CacheFilter.doFilter(CacheFilter.java:153)
	at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:58)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.cms.i18n.I18nContentSupportFilter.doFilter(I18nContentSupportFilter.java:73)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.cms.filters.RangeSupportFilter.doFilter(RangeSupportFilter.java:84)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.cms.security.BaseSecurityFilter.doFilter(BaseSecurityFilter.java:57)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:82)
	at info.magnolia.cms.security.SecurityCallbackFilter.doFilter(SecurityCallbackFilter.java:83)
	at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:58)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.cms.security.LogoutFilter.doFilter(LogoutFilter.java:93)
	at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:58)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.module.templatingkit.filters.SiteMergeFilter.doFilter(SiteMergeFilter.java:106)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.multisite.filters.MultiSiteFilter.doFilter(MultiSiteFilter.java:106)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.cms.filters.MultiChannelFilter.doFilter(MultiChannelFilter.java:82)
	at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:58)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.module.cache.filter.GZipFilter.doFilter(GZipFilter.java:73)
	at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:58)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:82)
	at info.magnolia.cms.security.auth.login.LoginFilter.doFilter(LoginFilter.java:104)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.enterprise.registration.RegistrationFilter.doFilter(RegistrationFilter.java:56)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:82)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:82)
	at info.magnolia.module.devicedetection.filter.DeviceDetectionFilter.doFilter(DeviceDetectionFilter.java:71)
	at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:58)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:103)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.cms.filters.ContextFilter.doFilter(ContextFilter.java:129)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80)
	at info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65)
	at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89)
	at info.magnolia.cms.filters.SafeDestroyMgnlFilterWrapper.doFilter(SafeDestroyMgnlFilterWrapper.java:106)
	at info.magnolia.cms.filters.MgnlFilterDispatcher.doDispatch(MgnlFilterDispatcher.java:66)
	at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:107)
	at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:93)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1041)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:603)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
	at java.lang.Thread.run(Thread.java:662)

        Acceptance criteria

          1. Screen Shot 2014-02-03 at 10.15.08.jpg
            Screen Shot 2014-02-03 at 10.15.08.jpg
            73 kB

              mgeljic Mikaël Geljić
              rkovarik Roman Kovařík
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved:

                  Bug DoR
                  Task DoD