  1. Magnolia UI
  2. MGNLUI-3838

Wrong ACL-validation results in AccessViolation


Details

    • Saigon 54
    • 5

    Description

      We can't modify the anonymous role anymore.

      We created a separate account, customAdmin, that does not have the superuser role.

      To shorten the problem and to reproduce the error, here is an example for the workspace category:

      anonymous has ACL read-only on "/" selected and subnodes
      customAdmin has ACL read/write on "/" selected and subnodes

      In SaveRoleDialogAction line 262 ff. (validateAccessControlLists()) the ACLs of the current user are checked against the ACLs of the role to be saved. The current user needs at least write permissions to the workspace and node.

      The exception is fired in line 295. Reason:

      In method isCurrentUserEntitledToGrantRights(workspaceName, path, accessType, permissions) the boolean recursive is true (line 349), the wildcard is stripped off the original path and ownPermission will always be "/" in findBestMatchingPermissions(acl.getList(), stripWildcardsFromPath(path)) (line 344).

      But if recursive is true, the permission check wants the path to match "/*" (line 352):

      if (recursive && !ownPermissions.getPattern().getPatternString().endsWith("/*"))

      If I haven't overlooked anything, the implementation of findBestMatchingPermissions() returns the wrong value for ownPermission ("/" instead of "/*").

      Find attached the XML export snippets for the roles and workspace category.

      BTW: the validation method validates the ACL list one after the other. It does not matter how many entries there are. category is first and when category fails the exception is thrown.
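
A simplified model of the check the description walks through, as an added example (not Magnolia's code and not part of the original report). It assumes that "selected and subnodes" is stored as two entries, "/" and "/*", that an exact entry wins the best-match lookup, and that recursive is derived from the requested path; the `alt` lookup is a hypothetical alternative, not the fix applied to this issue.

```java
import java.util.List;

// Simplified model of the check described in the report; not Magnolia's code.
public class AclGrantCheckModel {
    record Permission(String pattern, long bits) {}
    static final long READ = 1, WRITE = 2; // constructed bit values

    // Assumed behaviour: "/*" -> "/", "/a/*" -> "/a"
    static String stripWildcardsFromPath(String path) {
        String p = path.replace("*", "");
        return p.length() > 1 && p.endsWith("/") ? p.substring(0, p.length() - 1) : p;
    }

    // "/a/*" covers "/a" and everything below it; a plain pattern covers only itself.
    static boolean covers(String pattern, String path) {
        if (!pattern.endsWith("/*")) return pattern.equals(path);
        String base = pattern.substring(0, pattern.length() - 1); // "/a/*" -> "/a/"
        return (path.endsWith("/") ? path : path + "/").startsWith(base);
    }

    // Assumed rule: an exact entry wins, otherwise the longest covering pattern.
    static Permission findBestMatch(List<Permission> acl, String path, boolean wildcardOnly) {
        Permission best = null;
        for (Permission p : acl) {
            if (wildcardOnly && !p.pattern().endsWith("/*")) continue;
            if (p.pattern().equals(path)) return p;
            if (covers(p.pattern(), path)
                    && (best == null || p.pattern().length() > best.pattern().length())) best = p;
        }
        return best;
    }

    // alt == false: the check as reported. alt == true: hypothetical alternative in which
    // a recursive grant is matched against the user's own wildcard entries only.
    static boolean entitled(List<Permission> own, String path, long requested, boolean alt) {
        boolean recursive = path.endsWith("/*"); // assumption: derived from the requested path
        Permission best = findBestMatch(own, stripWildcardsFromPath(path), alt && recursive);
        if (best == null) return false;
        if (recursive && !best.pattern().endsWith("/*")) return false; // line 352 in the report
        return (best.bits() & requested) == requested;
    }

    public static void main(String[] args) {
        // Constructed ACL: customAdmin read/write on "/" (selected and subnodes)
        List<Permission> own = List.of(new Permission("/", READ | WRITE), new Permission("/*", READ | WRITE));
        for (String path : List.of("/", "/*")) // anonymous role being saved: read-only on both
            System.out.printf("%-3s reported=%b alternative=%b%n", path,
                    entitled(own, path, READ, false), entitled(own, path, READ, true));
    }
}
```

In this model the "/*" entry of the role being saved is rejected by the reported check even though the current user holds read/write on "/*", because the lookup on the stripped path returns the "/" entry.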

        Attachments

          1. acls-anonymous.txt
            4 kB
          2. acls-custromAdmin.txt
            3 kB
          3. userroles.anonymous.xml
            60 kB
          4. userroles.zeg-admin.xml
            110 kB

              People

                oanh.thai Oanh Thai Hoang
                sigurd.rolfes Sigurd Rolfes

                    Time Tracking

                      Estimated (Original Estimate): 4d
                      Remaining (Remaining Estimate): 0d
                      Logged (Time Spent): 7d