[MAGNOLIA-4569] MgnlUser.hasRole is broken (more precisely RepositoryBackedSecurityManager.hasAny) Created: 06/Oct/12  Updated: 06/Oct/12  Resolved: 06/Oct/12

Status: Closed
Project: Magnolia
Component/s: security
Affects Version/s: 4.5.4
Fix Version/s: 4.5.5

Type: Bug Priority: Neutral
Reporter: Jonas Petersen [X] (Inactive) Assignee: Jan Haderka
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

osx-10.8.2 tomcat-7.0.29


Issue Links:
duplicate
duplicates MAGNOLIA-4480 MgnlContext.getUser().inGroup("xxx") ... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled

 Description   

MgnlUser.hasRole does never return true. A quick way to reproduce it is via groovy console on a fresh 4.5.4 install:

mgnl> user=ctx.getUser()
===> 
MgnlUser - superuser [51ae3379-67cf-4994-9e05-f97cb8bc3e4a]
mgnl> user.getAllRoles()
===> 
[superuser]
mgnl> user.hasRole("superuser")
===> 
false
mgnl>

Debugging shows that it fails at:

2012-10-06 13:31:34,067 DEBUG nolia.cms.security.RepositoryBackedSecurityManager: property /admin/superuser/roles/jcr:mixinTypes is a multi-valued property, so it's values can only be retrieved as an array
javax.jcr.ValueFormatException: property /admin/superuser/roles/jcr:mixinTypes is a multi-valued property, so it's values can only be retrieved as an array
	at org.apache.jackrabbit.core.PropertyImpl.internalGetValue(PropertyImpl.java:483)
	at org.apache.jackrabbit.core.PropertyImpl.getValue(PropertyImpl.java:510)
	at org.apache.jackrabbit.core.PropertyImpl.getString(PropertyImpl.java:520)
	at info.magnolia.cms.security.RepositoryBackedSecurityManager$1.exec(RepositoryBackedSecurityManager.java:106)
	at info.magnolia.cms.security.RepositoryBackedSecurityManager$1.exec(RepositoryBackedSecurityManager.java:90)
	at info.magnolia.cms.security.JCRSessionOp.exec(JCRSessionOp.java:69)
	at info.magnolia.context.MgnlContext.doInSystemContext(MgnlContext.java:403)
	at info.magnolia.context.MgnlContext.doInSystemContext(MgnlContext.java:376)
	at info.magnolia.cms.security.RepositoryBackedSecurityManager.hasAny(RepositoryBackedSecurityManager.java:90)
	at info.magnolia.cms.security.MgnlUser.hasRole(MgnlUser.java:168)

A workaround is:

user.getAllRoles().contains("superuser")

Generated at Mon Feb 12 03:57:02 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.