[MGNLDEMO-30] Create users and roles for demonstration purposes Created: 18/May/15 Updated: 02/Jul/15 Resolved: 02/Jul/15 |
|
| Status: | Closed |
| Project: | Magnolia Demo Projects |
| Component/s: | magnolia-travels |
| Affects Version/s: | 0.5 |
| Fix Version/s: | 0.5 |
| Type: | Task | Priority: | Critical |
| Reporter: | Christopher Zimmermann | Assignee: | Federico Grilli |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||||||||||
| Template: |
|
||||||||||||||||||||||||||||||||
| Acceptance criteria: |
Empty
|
||||||||||||||||||||||||||||||||
| Task DoR: |
Empty
|
||||||||||||||||||||||||||||||||
| Release notes required: |
Yes
|
||||||||||||||||||||||||||||||||
| Date of First Response: | |||||||||||||||||||||||||||||||||
| Description |
|
Basic proposal
All roles, groups and users created by the travel-demo are bootstrapped as samples Findings during implementation select * from [nt:base] as t where contains(t., 'demo-project-%') or contains(t., 'editor') or contains(t.*, 'publisher') one gets the following relevant results /modules/pages/apps/pages/subApps/browser/actions/activate/availability/access/roles /modules/dam-app/apps/assets/permissions/roles /modules/categorization/apps/categories/permissions/roles /modules/tours/apps/tourCategories/permissions/roles For the sake of clarity and consistency those should be removed and let projects define roles which can access needed apps and actions. By the same token, I'd add permissions to all app groups under /modules/ui-admincentral/config/appLauncherLayout/groups and grant them by default to superuser only. It will be a project concern to add its roles by giving permissions to the appropriate roles (and we could certainly provide generic Task s to make it easier). In our case, it will be magnolia-travel-demo to create roles and decide which apps they can access. |
| Comments |
| Comment by Christopher Zimmermann [ 01/Jun/15 ] |
|
I dont like that projects would always have to add permissions for every app, if they dont want to let people use the superuser role. But I like that it is clean and seems like a good foundation to build upon. |
| Comment by Christopher Zimmermann [ 25/Jun/15 ] |
|
Review: Change descriptions to be consistant and shorter. Status of items in Security app? Can they all be green? travel-demo-editor has everything in travel-demo-base? |
| Comment by Federico Grilli [ 25/Jun/15 ] |
|
For the release notes/docu: |
| Comment by Philip Mundt [ 29/Jun/15 ] |
|
There seems to be an issue with anonymous accessing the tours workspace (as superuser one can see them): 2015-06-29 09:21:43,802 ERROR nfo.magnolia.demo.travel.tours.model.CarouselModel: Could not retrieve linked tour with identifier [730c8850-d638-4e91-b3fb-4041a0c59ffe]. javax.jcr.ItemNotFoundException: 730c8850-d638-4e91-b3fb-4041a0c59ffe at org.apache.jackrabbit.core.SessionImpl.getNodeById(SessionImpl.java:538) at org.apache.jackrabbit.core.SessionImpl.getNodeByIdentifier(SessionImpl.java:1102) at info.magnolia.jcr.wrapper.DelegateSessionWrapper.getNodeByIdentifier(DelegateSessionWrapper.java:182) at info.magnolia.jcr.wrapper.DelegateSessionWrapper.getNodeByIdentifier(DelegateSessionWrapper.java:182) at info.magnolia.jcr.decoration.ContentDecoratorSessionWrapper.getNodeByIdentifier(ContentDecoratorSessionWrapper.java:129) at info.magnolia.jcr.wrapper.DelegateSessionWrapper.getNodeByIdentifier(DelegateSessionWrapper.java:182) at info.magnolia.jcr.wrapper.NodeWrappingDelegateSessionWrapper.getNodeByIdentifier(NodeWrappingDelegateSessionWrapper.java:58) at info.magnolia.jcr.wrapper.DelegateSessionWrapper.getNodeByIdentifier(DelegateSessionWrapper.java:182) at info.magnolia.jcr.decoration.ContentDecoratorSessionWrapper.getNodeByIdentifier(ContentDecoratorSessionWrapper.java:129) at info.magnolia.jcr.wrapper.DelegateSessionWrapper.getNodeByIdentifier(DelegateSessionWrapper.java:182) at info.magnolia.jcr.decoration.ContentDecoratorSessionWrapper.getNodeByIdentifier(ContentDecoratorSessionWrapper.java:129) at info.magnolia.demo.travel.tours.model.CarouselModel.getTour(CarouselModel.java:99) at info.magnolia.demo.travel.tours.model.CarouselModel.getTours(CarouselModel.java:84) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at freemarker.ext.beans.BeansWrapper.invokeMethod(BeansWrapper.java:1385) at freemarker.ext.beans.BeanModel.invokeThroughDescriptor(BeanModel.java:254) at freemarker.ext.beans.BeanModel.get(BeanModel.java:158) at freemarker.core.Dot._eval(Dot.java:40) at freemarker.core.Expression.eval(Expression.java:76) at freemarker.core.Assignment.accept(Assignment.java:71) at freemarker.core.Environment.visit(Environment.java:257) at freemarker.core.MixedContent.accept(MixedContent.java:57) at freemarker.core.Environment.visit(Environment.java:257) at freemarker.core.Environment.process(Environment.java:235) at freemarker.template.Template.process(Template.java:262) at info.magnolia.freemarker.FreemarkerHelper.render(FreemarkerHelper.java:152) at info.magnolia.rendering.renderer.FreemarkerRenderer.onRender(FreemarkerRenderer.java:96) at info.magnolia.rendering.renderer.AbstractRenderer.render(AbstractRenderer.java:155) at info.magnolia.rendering.engine.DefaultRenderingEngine.render(DefaultRenderingEngine.java:118) at info.magnolia.rendering.engine.DefaultRenderingEngine.render(DefaultRenderingEngine.java:99) at info.magnolia.rendering.engine.DefaultRenderingEngine.render(DefaultRenderingEngine.java:94) at info.magnolia.rendering.engine.DefaultRenderingEngine$$EnhancerByCGLIB$$9ce0b773.render(<generated>) at info.magnolia.templating.elements.ComponentElement.begin(ComponentElement.java:181) at info.magnolia.templating.renderers.NoScriptRenderer.onRender(NoScriptRenderer.java:102) at info.magnolia.templating.renderers.NoScriptRenderer.render(NoScriptRenderer.java:80) at info.magnolia.rendering.engine.DefaultRenderingEngine.render(DefaultRenderingEngine.java:118) at info.magnolia.rendering.engine.DefaultRenderingEngine$$EnhancerByCGLIB$$9ce0b773.render(<generated>) at info.magnolia.templating.elements.AreaElement.end(AreaElement.java:324) at info.magnolia.templating.freemarker.AbstractDirective.execute(AbstractDirective.java:98) at freemarker.core.Environment.visit(Environment.java:333) at freemarker.core.UnifiedCall.accept(UnifiedCall.java:100) at freemarker.core.Environment.visit(Environment.java:257) at freemarker.core.MixedContent.accept(MixedContent.java:57) at freemarker.core.Environment.visit(Environment.java:257) at freemarker.core.Environment.process(Environment.java:235) at freemarker.template.Template.process(Template.java:262) at info.magnolia.freemarker.FreemarkerHelper.render(FreemarkerHelper.java:152) at info.magnolia.rendering.renderer.FreemarkerRenderer.onRender(FreemarkerRenderer.java:96) at info.magnolia.rendering.renderer.AbstractRenderer.render(AbstractRenderer.java:155) at info.magnolia.module.site.renderer.SiteAwareFreemarkerRenderer.render(SiteAwareFreemarkerRenderer.java:89) at info.magnolia.rendering.engine.DefaultRenderingEngine.render(DefaultRenderingEngine.java:118) at info.magnolia.rendering.engine.DefaultRenderingEngine$$EnhancerByCGLIB$$9ce0b773.render(<generated>) at info.magnolia.rendering.engine.RenderingFilter.render(RenderingFilter.java:195) at info.magnolia.rendering.engine.RenderingFilter.handleTemplateRequest(RenderingFilter.java:140) at info.magnolia.rendering.engine.RenderingFilter.doFilter(RenderingFilter.java:94) at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) at info.magnolia.rendering.model.ModelExecutionFilter.doFilter(ModelExecutionFilter.java:100) at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) at info.magnolia.cms.filters.AggregatorFilter.doFilter(AggregatorFilter.java:100) at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) at info.magnolia.cms.security.BaseSecurityFilter.doFilter(BaseSecurityFilter.java:57) at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) at info.magnolia.cms.filters.RepositoryMappingFilter.doFilter(RepositoryMappingFilter.java:108) at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) at info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65) at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:74) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) at info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65) at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) at info.magnolia.cms.filters.VirtualUriFilter.doFilter(VirtualUriFilter.java:69) at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) at info.magnolia.module.cache.executor.Store.processCacheRequest(Store.java:100) at info.magnolia.module.cache.executor.CompositeExecutor.processCacheRequest(CompositeExecutor.java:67) at info.magnolia.module.cache.filter.CacheFilter.doFilter(CacheFilter.java:170) at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) at info.magnolia.cms.i18n.I18nContentSupportFilter.doFilter(I18nContentSupportFilter.java:74) at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) at info.magnolia.cms.filters.RangeSupportFilter.doFilter(RangeSupportFilter.java:84) at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) at info.magnolia.cms.security.BaseSecurityFilter.doFilter(BaseSecurityFilter.java:57) at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) at info.magnolia.cms.security.SecurityCallbackFilter.doFilter(SecurityCallbackFilter.java:80) at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) at info.magnolia.cms.security.LogoutFilter.doFilter(LogoutFilter.java:94) at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) at info.magnolia.module.site.filters.SiteMergeFilter.doFilter(SiteMergeFilter.java:119) at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) at info.magnolia.cms.filters.MultiChannelFilter.doFilter(MultiChannelFilter.java:83) at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) at info.magnolia.module.cache.filter.GZipFilter.doFilter(GZipFilter.java:73) at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) at info.magnolia.cms.security.auth.login.LoginFilter.doFilter(LoginFilter.java:127) at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:81) at info.magnolia.cms.filters.CosMultipartRequestFilter.doFilter(CosMultipartRequestFilter.java:87) at info.magnolia.cms.filters.OncePerRequestAbstractMgnlFilter.doFilter(OncePerRequestAbstractMgnlFilter.java:59) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) at info.magnolia.cms.filters.ContentTypeFilter.doFilter(ContentTypeFilter.java:112) at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) at info.magnolia.cms.filters.ContextFilter.doFilter(ContextFilter.java:128) at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) at info.magnolia.cms.filters.MgnlFilterChain.doFilter(MgnlFilterChain.java:79) at info.magnolia.cms.filters.CompositeFilter.doFilter(CompositeFilter.java:65) at info.magnolia.cms.filters.AbstractMgnlFilter.doFilter(AbstractMgnlFilter.java:85) at info.magnolia.cms.filters.SafeDestroyMgnlFilterWrapper.doFilter(SafeDestroyMgnlFilterWrapper.java:107) at info.magnolia.cms.filters.MgnlFilterDispatcher.doDispatch(MgnlFilterDispatcher.java:67) at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:108) at info.magnolia.cms.filters.MgnlMainFilter.doFilter(MgnlMainFilter.java:94) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1041) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:603) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:745) |
| Comment by Christopher Zimmermann [ 29/Jun/15 ] |
|
Eric gets an exception when attempting to save a changed tour. Caused by: javax.jcr.AccessDeniedException: /magnolia-travels/Hut-to-Hut-in-the-Swiss-Alps/destination: not allowed to add or modify item |
| Comment by Christopher Zimmermann [ 29/Jun/15 ] |
|
On CE pages app, where workflow is not installed, the Publish action is available to Eric. However he should not have the right to publish |
| Comment by Christopher Zimmermann [ 29/Jun/15 ] |
|
Note that currently publishing on tours or contacts app as peter fails due to this linked ticket https://jira.magnolia-cms.com/browse/MAGNOLIA-5975 |
| Comment by Philip Mundt [ 02/Jul/15 ] |
|
Creating a followup ticket as the roles are lenient enough to not fail when they contain a workspace that doesn't exist. |