[MAGNOLIA-7114] NPE when setting permissions and roles empty in YAML file Created: 21/Aug/17  Updated: 21/Aug/17

Status: Accepted
Project: Magnolia
Component/s: None
Affects Version/s: 5.5.5
Fix Version/s: None

Type: Bug Priority: Major
Reporter: Sang Ngo Huu Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

 Description   

If I export an app to YAML and put to light module folder, it has empty config for permission as bellow:

'permissions':
  'roles':

It throws NPE and block accessing to admincentral

Caused by: java.lang.NullPointerException
	at info.magnolia.cms.security.operations.ConfiguredAccessDefinition.hasAccess(ConfiguredAccessDefinition.java:72)
	at info.magnolia.ui.api.app.launcherlayout.AppLauncherLayoutManagerImpl.isAppVisibleForUser(AppLauncherLayoutManagerImpl.java:234)
	at info.magnolia.ui.api.app.launcherlayout.AppLauncherLayoutManagerImpl.getLayoutForUser(AppLauncherLayoutManagerImpl.java:149)
	at info.magnolia.ui.admincentral.shellapp.applauncher.AppLauncherShellApp.<init>(AppLauncherShellApp.java:103)
	... 114 more

Investigate:

Should check null for roles in info.magnolia.cms.security.operations.ConfiguredAccessDefinition#hasAccess

public boolean hasAccess(User user) {
        Collection<String> userRoles = user.getAllRoles();

        if (roles.isEmpty() || userRoles.contains(this.superuserRole) || CollectionUtils.containsAny(userRoles, roles)) {
            return true;
        }
        return false;
    }


 Comments   
Comment by Roman Kovařík [ 21/Aug/17 ]

It looks like the exported YAML (meant for JCR bootstrap) is used incorrectly as YAML definition in a light module.
Note the difference between Export to YAML (JCR content) / Download as YAML (definition).

Generated at Mon Feb 12 04:20:51 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.