-
Bug
-
Resolution: Duplicate
-
Major
-
None
-
5.2.1
As a publisher (peter) i can open add page dialog. This shouldn't be possible as peter has read-only permissions for nodes.
Note: if add page dialog is opened, this error can be seen in logs.
2014-01-30 10:09:53,017 ERROR nolia.pages.app.field.TemplateSelectorFieldFactory: Could not create temporary node to get available templates. javax.jcr.AccessDeniedException: Access denied. at org.apache.jackrabbit.core.security.DefaultAccessManager.checkPermission(DefaultAccessManager.java:193) at org.apache.jackrabbit.core.NodeImpl.addNode(NodeImpl.java:1266) at org.apache.jackrabbit.core.session.AddNodeOperation.perform(AddNodeOperation.java:111) at org.apache.jackrabbit.core.session.AddNodeOperation.perform(AddNodeOperation.java:37) at org.apache.jackrabbit.core.session.SessionState.perform(SessionState.java:216) at org.apache.jackrabbit.core.ItemImpl.perform(ItemImpl.java:91) at org.apache.jackrabbit.core.NodeImpl.addNodeWithUuid(NodeImpl.java:1814) at org.apache.jackrabbit.core.NodeImpl.addNode(NodeImpl.java:1774) at info.magnolia.jcr.wrapper.DelegateNodeWrapper.addNode(DelegateNodeWrapper.java:122) at info.magnolia.jcr.decoration.ContentDecoratorNodeWrapper.addNode(ContentDecoratorNodeWrapper.java:115) at info.magnolia.jcr.wrapper.MgnlPropertySettingNodeWrapper.addNode(MgnlPropertySettingNodeWrapper.java:210) at info.magnolia.jcr.wrapper.DelegateNodeWrapper.addNode(DelegateNodeWrapper.java:122) at info.magnolia.jcr.decoration.ContentDecoratorNodeWrapper.addNode(ContentDecoratorNodeWrapper.java:115) at info.magnolia.jcr.wrapper.DelegateNodeWrapper.addNode(DelegateNodeWrapper.java:122) at info.magnolia.jcr.decoration.ContentDecoratorNodeWrapper.addNode(ContentDecoratorNodeWrapper.java:115) at info.magnolia.audit.MgnlAuditLoggingContentDecoratorNodeWrapper.addNode(MgnlAuditLoggingContentDecoratorNodeWrapper.java:84) at info.magnolia.pages.app.field.TemplateSelectorFieldFactory.getSelectFieldOptionDefinition(TemplateSelectorFieldFactory.java:90) at info.magnolia.ui.form.field.factory.SelectFieldFactory.buildOptions(SelectFieldFactory.java:129) at info.magnolia.ui.form.field.factory.SelectFieldFactory.createFieldComponent(SelectFieldFactory.java:96) at info.magnolia.ui.form.field.factory.SelectFieldFactory.createFieldComponent(SelectFieldFactory.java:71) at info.magnolia.ui.form.field.factory.AbstractFieldFactory.createField(AbstractFieldFactory.java:104) at info.magnolia.ui.dialog.formdialog.FormBuilder.buildReducedForm(FormBuilder.java:165) at info.magnolia.ui.dialog.formdialog.FormBuilder.buildForm(FormBuilder.java:106) at info.magnolia.ui.dialog.formdialog.FormDialogPresenterImpl.buildView(FormDialogPresenterImpl.java:133) at info.magnolia.ui.dialog.formdialog.FormDialogPresenterImpl.start(FormDialogPresenterImpl.java:115) at info.magnolia.ui.dialog.formdialog.FormDialogPresenterImpl.start(FormDialogPresenterImpl.java:91) at info.magnolia.ui.framework.action.OpenCreateDialogAction.execute(OpenCreateDialogAction.java:81) at info.magnolia.ui.api.action.AbstractActionExecutor.execute(AbstractActionExecutor.java:74) at info.magnolia.ui.contentapp.browser.BrowserPresenter.executeAction(BrowserPresenter.java:391) at info.magnolia.ui.contentapp.browser.BrowserPresenter.onActionbarItemClicked(BrowserPresenter.java:331) at info.magnolia.ui.actionbar.ActionbarPresenter.onActionbarItemClicked(ActionbarPresenter.java:183) at info.magnolia.ui.vaadin.actionbar.Actionbar$1.onActionTriggered(Actionbar.java:70) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at com.vaadin.server.ServerRpcManager.applyInvocation(ServerRpcManager.java:168) at com.vaadin.server.ServerRpcManager.applyInvocation(ServerRpcManager.java:118) at com.vaadin.server.communication.ServerRpcHandler.handleBurst(ServerRpcHandler.java:214) at com.vaadin.server.communication.ServerRpcHandler.handleRpc(ServerRpcHandler.java:111) at com.vaadin.server.communication.UidlRequestHandler.synchronizedHandleRequest(UidlRequestHandler.java:91) at com.vaadin.server.SynchronizedRequestHandler.handleRequest(SynchronizedRequestHandler.java:37) at com.vaadin.server.VaadinService.handleRequest(VaadinService.java:1371) at com.vaadin.server.VaadinServlet.service(VaadinServlet.java:238) at info.magnolia.ui.admincentral.AdmincentralVaadinServlet.service(AdmincentralVaadinServlet.java:131) at javax.servlet.http.HttpServlet.service(HttpServlet.java:728) at info.magnolia.cms.filters.ServletDispatchingFilter.doFilter(ServletDispatchingFilter.java:126) at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:82) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:82) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:82) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:82) at info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65) at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80) at info.magnolia.cms.filters.VirtualUriFilter.doFilter(VirtualUriFilter.java:68) at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80) at info.magnolia.module.cache.executor.Bypass.processCacheRequest(Bypass.java:58) at info.magnolia.module.cache.executor.CompositeExecutor.processCacheRequest(CompositeExecutor.java:66) at info.magnolia.module.cache.filter.CacheFilter.doFilter(CacheFilter.java:153) at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:58) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80) at info.magnolia.cms.i18n.I18nContentSupportFilter.doFilter(I18nContentSupportFilter.java:73) at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80) at info.magnolia.cms.filters.RangeSupportFilter.doFilter(RangeSupportFilter.java:84) at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80) at info.magnolia.cms.security.BaseSecurityFilter.doFilter(BaseSecurityFilter.java:57) at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:82) at info.magnolia.cms.security.SecurityCallbackFilter.doFilter(SecurityCallbackFilter.java:83) at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:58) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80) at info.magnolia.cms.security.LogoutFilter.doFilter(LogoutFilter.java:93) at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:58) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80) at info.magnolia.module.templatingkit.filters.SiteMergeFilter.doFilter(SiteMergeFilter.java:106) at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80) at info.magnolia.multisite.filters.MultiSiteFilter.doFilter(MultiSiteFilter.java:106) at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80) at info.magnolia.cms.filters.MultiChannelFilter.doFilter(MultiChannelFilter.java:82) at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:58) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80) at info.magnolia.module.cache.filter.GZipFilter.doFilter(GZipFilter.java:73) at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:58) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:82) at info.magnolia.cms.security.auth.login.LoginFilter.doFilter(LoginFilter.java:104) at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80) at info.magnolia.enterprise.registration.RegistrationFilter.doFilter(RegistrationFilter.java:56) at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:82) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:82) at info.magnolia.module.devicedetection.filter.DeviceDetectionFilter.doFilter(DeviceDetectionFilter.java:71) at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:58) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80) at info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:103) at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80) at info.magnolia.cms.filters.ContextFilter.doFilter(ContextFilter.java:129) at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:80) at info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65) at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:89) at info.magnolia.cms.filters.SafeDestroyMgnlFilterWrapper.doFilter(SafeDestroyMgnlFilterWrapper.java:106) at info.magnolia.cms.filters.MgnlFilterDispatcher.doDispatch(MgnlFilterDispatcher.java:66) at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:107) at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:93) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1041) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:603) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:662)
Acceptance criteria
- caused by
-
MGNLUI-2510 UI shouldn't enable actions for which the user has no permissions
- Closed