[MAGNOLIA-5180] Improve error message for user trying to export his/her own user Created: 12/Jul/13  Updated: 24/Jul/13  Resolved: 16/Jul/13

Status: Closed
Project: Magnolia
Component/s: admininterface, security
Affects Version/s: 4.4.9, 4.5.6
Fix Version/s: 4.5.10

Type: Improvement Priority: Neutral
Reporter: Natascha Desmarais Assignee: Jaroslav Simak
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Tested on:
4.4.9
4.5.6
4.5.8
4.5.9


Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Release notes required:
Yes
Date of First Response:

 Description   

When trying to export the superuser user being logged in as superuser, the export fails with
Write permission needed for export. User not allowed to WRITE path [/system/superuser]

Looking at the permission for superuser, the user actually has write permission for the users workspace with path "/*"

When creating a new user under /admin and assigning the superuser role, this user can export the superuser. So it seems that superuser cannot export its own user, since exporting the anonymous user works fine.

Edit: the new user cannot export its own user either.



 Comments   
Comment by Jan Haderka [ 12/Jul/13 ]

No user can export/import themselves. This is the side effect of ensuring users can't manipulate their own permissions.

Comment by Natascha Desmarais [ 15/Jul/13 ]

Ok thanks, good to know. Maybe we could improve the error message in that case.
Write permission needed for export. User not allowed to WRITE path [/admin/test]
Is a little too generic for that issue, because the user has write permissions on that path when strictly looking at the ACL. It should really say something along the lines of "User not allowed to modify own user data" or something more appropriate.

Generated at Mon Feb 12 04:02:44 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.