[MAGNOLIA-8570] Check commands permissions correctly if path is not specified
Created: 27/Sep/22  Updated: 10/Oct/22  Resolved: 05/Oct/22

Status: Closed
Project: Magnolia
Component/s: None
Affects Version/s: 6.2.24
Fix Version/s: 6.3.0, 6.2.25

Type: Bug
Priority: Blocker
Reporter: Jonathan Ayala
Assignee: Quach Hao Thien
Resolution: Fixed
Votes: 0
Labels: None
Σ Remaining Estimate: Not Specified
Remaining Estimate: Not Specified
Σ Time Spent: 4d 3.5h
Time Spent: 4d 3.5h
Σ Original Estimate: Not Specified
Original Estimate: Not Specified

Issue Links:
causality
Sub-Tasks:
Key | Summary | Type | Status | Assignee
MAGNOLIA-8571 | Provide PR | Sub-task | Completed | Quach Hao Thien
MAGNOLIA-8572 | Review PR | Sub-task | Completed | Roman Kovařík
MAGNOLIA-8573 | PreintQA | Sub-task | Completed | Roman Kovařík
MAGNOLIA-8574 | QA | Sub-task | Closed | Antonín Juran
MAGNOLIA-8581 | Fix failed IT test cases on ui 6.2 | Sub-task | Completed | Quach Hao Thien
Template:
Acceptance criteria:
Empty
Task DoD:
[X]* Doc/release notes changes? Comment present?
[X]* Downstream builds green?
[X]* Solution information and context easily available?
[X]* Tests
[X]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[X]* Steps to reproduce, expected, and actual results filled
[X]* Affected version filled
Date of First Response:
Epic Link: Nucleus Security Maintenance
Sprint: Nucleus 20
Story Points: 5
Team: Nucleus

 Description   

Steps to reproduce

  1. https://nightly.magnolia-cms.com/.magnolia/admincentral#app:security:roles;/travel-demo-tour-editor:treeview:
  2. Find DAM ACLs
  3. Set Read/Write to /tours
  4. Set deny to /
  5. Log out
  6. Log in as peter:peter 
  7. Publish https://nightly.magnolia-cms.com/.magnolia/admincentral#app:dam:jcrBrowser;/tours/shark_brian_warrick_0824.JPG::

Expected results

The item is published.

Actual results

Caused by: info.magnolia.publishing.exception.PublicationException: <ul><li>null: User not allowed to Read path [dam/]</li></ul>

(https://nightly.magnolia-cms.com/.magnolia/admincentral#app:logTools:list)

Workaround

Development notes

This method should check the granted permissions by node UUID if path is not provided.



 Comments   
Comment by Quach Hao Thien [ 28/Sep/22 ]

Discovery:

The JcrExportCommand is created manually in https://git.magnolia-cms.com/projects/MODULES/repos/publishing/browse/magnolia-publishing-core/src/main/java/info/magnolia/publishing/packager/Packager.java#155 without setting nodePath, hence it always uses "/" by default.

JcrExportCommand exportCommand = new JcrExportCommand();
exportCommand.setPath(node.getPath());

Comment by Roman Kovařík [ 29/Sep/22 ]

Not sure if this is the proper solution.

Commands can be executed by UUID or path (so only one of them is mandatory).

There is already a method to get the node from the system context; we could get the path from the node and then do the check in this method.
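
The permission check discussed in the development notes and comments above, as an added Java example that is not Magnolia's code and not part of the ticket. The ACL map, the UUID index and all class and method names are hypothetical, and the "most specific path entry wins" rule is a simplifying assumption.

```java
import java.util.Map;

public class CommandPermissionCheck {
    // Constructed ACL mirroring the reproduction steps: deny on "/", read/write on "/tours".
    static final Map<String, Boolean> ACL = Map.of("/", false, "/tours", true);
    // Constructed UUID-to-path index standing in for a node lookup in the system context.
    static final Map<String, String> NODES_BY_UUID =
            Map.of("uuid-1", "/tours/shark_brian_warrick_0824.JPG");

    // Simplified model (assumption): the most specific ACL entry covering the path decides.
    static boolean isGranted(String path) {
        String best = null;
        for (String prefix : ACL.keySet()) {
            boolean covers = prefix.equals("/") || path.equals(prefix)
                    || path.startsWith(prefix + "/");
            if (covers && (best == null || prefix.length() > best.length())) {
                best = prefix;
            }
        }
        return best != null && ACL.get(best);
    }

    // Behaviour described in the ticket: with no path set, the check runs against "/",
    // so a user who is only granted a subtree is rejected.
    static boolean checkPathOnly(String path, String uuid) {
        return isGranted(path != null ? path : "/");
    }

    // Check by UUID when no path is given: resolve the node's real path first.
    // An unknown UUID, or neither identifier, is denied rather than mapped to a default path.
    static boolean checkPathOrUuid(String path, String uuid) {
        String effective = path;
        if (effective == null && uuid != null) {
            effective = NODES_BY_UUID.get(uuid);
        }
        return effective != null && isGranted(effective);
    }

    public static void main(String[] args) {
        // Path unset, UUID of an asset under /tours: the two checks disagree.
        System.out.println("path-only check: " + checkPathOnly(null, "uuid-1"));
        System.out.println("path-or-uuid check: " + checkPathOrUuid(null, "uuid-1"));
        // Unresolvable UUID and an explicit root path, both evaluated by the second check.
        System.out.println("unknown uuid: " + checkPathOrUuid(null, "uuid-x"));
        System.out.println("explicit root: " + checkPathOrUuid("/", null));
    }
}
```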

Generated at Mon Feb 12 04:33:53 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.