[MAGNOLIA-2317] Reading user nodes without having correct privileges assigned
Created: 12/Aug/08  Updated: 23/Jan/13  Resolved: 15/Aug/08

Status: Closed
Project: Magnolia
Component/s: security
Affects Version/s: 3.6.1
Fix Version/s: 3.6.2, 3.6.3

Type: Bug
Priority: Major
Reporter: Jan Haderka
Assignee: Jan Haderka
Resolution: Fixed
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
dependency
is depended upon by MAGNOLIA-158 adminCentral: User: I can delete myself Closed
relation
is related to MAGNOLIA-2316 ACLs assigned directly to user are no... Closed
is related to MAGNOLIA-2318 Default user privileges are not enoug... Closed
is related to MAGNOLIA-2320 Remove hardcoded user permission modi... Closed
is related to MAGNOLIA-3006 privileges escalation by logged user Closed
is related to MAGNOLIA-1265 User Dialog allows to add denied Roles Closed

 Description   

Currently users have privileges to access their own node assigned via ACLs attached directly to their account. However, those privileges are not assigned and used at runtime, so in theory the user should not be able to log in.



 Comments   
Comment by Jan Haderka [ 13/Aug/08 ]

The reason why those privileges are not checked on login is that it is the system which is logging in the user, and the system has access to user data.
The outstanding question is whether we should make sure that a user who has no privileges to their account can log in or not. At the moment I think such a user should be allowed to log in (as long as his/her account is enabled), but should not be allowed to change his/her own preferences. On the other hand, one can argue that a user who is not able to read their own preferences should be denied login on the grounds of not being able to set even their own preferred language for the UI.

Comment by Magnolia International [ 13/Aug/08 ]

Well, I have no strong opinion, but

  • we need a solution for public user registration. And it's out of the question that an admin would have to manually add permissions for each user's node. Afaik, we have no "dynamic" permission paths, so these permissions have to be set on a per-user basis.
  • there is "something, somewhere", that adds some permissions to the users, relating to their own node. Whatever solution we choose, this should be cleaned up appropriately. (code AND sample bootstrap files)

Comment by Jan Haderka [ 13/Aug/08 ]

MAGNOLIA-2318 deals with the fact that each user needs the permission to read their own node. I've already updated the code (UserEditDialog) to make sure those permissions are added properly. I've also added an update task to update all existing users. I will also update the bootstrap files.
The "something" which adds permissions to users is UserEditDialog. I'm not convinced that the dialog is the right place for hardcoding the permissions that need to be added to every user, but I don't want to change this without discussing it first. MAGNOLIA-2320 is dedicated to that.

Comment by Jan Haderka [ 15/Aug/08 ]

I've decided not to change the fact that we do not check for the user having rights to read their own account node on login. First, we can enforce this only on JCRAuthenticationModule, and second, there is already a flag marking the account as enabled/disabled. So missing privileges to read/modify their own node just means such a user is not able to display/change their own preferences, which might be desired behaviour in some cases - (semi)public accounts.

Generated at Mon Feb 12 03:35:32 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.