[MGNLGROOVY-238] Groovy Terminal access is prohibited if user is not directly assigned to role
Created: 13/Jan/23 | Updated: 23/Mar/23 | Resolved: 14/Mar/23
| Status: | Closed |
| Project: | Magnolia Groovy Module |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 3.0.4, 4.0.0 |
| Type: | Bug | Priority: | Critical |
| Reporter: | Philipp Gaschuetz | Assignee: | Jaroslav Simak |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | quickwin |
| Σ Remaining Estimate: | Not Specified | Remaining Estimate: | Not Specified |
| Σ Time Spent: | 3.5h | Time Spent: | Not Specified |
| Σ Original Estimate: | Not Specified | Original Estimate: | Not Specified |
| Acceptance criteria: | Empty |
| Task DoD: |
[X]* Doc/release notes changes? Comment present?
[X]* Downstream builds green?
[X]* Solution information and context easily available?
[X]* Tests
[X]* FixVersion filled and not yet released
[ ] Architecture Decision Record (ADR)
|
| Bug DoR: |
[X]* Steps to reproduce, expected, and actual results filled
[X]* Affected version filled
|
| Epic Link: | Support |
| Sprint: | DevX 33 |
| Story Points: | 2 |
| Description |
|
To access the Groovy App, a user needs to have the superuser or scripter role assigned. There is a bug in the code, as it only checks if the user has one of the above roles assigned directly. Transitive role assignments are effectively ignored by the code. We stumbled upon this bug, as we are using the Magnolia SSO Module and it is effectively impossible to directly assign roles to users when using SSO. We can therefore not use the Groovy App at all, as access is restricted to transitive role members.

Steps to reproduce

Expected results
Should just work.

Actual results
Error Message:

Workaround
If using SSO module, no workaround possible. If not using SSO, only use directly assigned roles, which defeats the purpose of Groups and Roles...

Development notes
A bugfix pull request has been created: |
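Added example, not part of the ticket and not the Groovy module's code: a self-contained Java model of the difference the description reports, with a check limited to directly assigned roles beside one that resolves roles through group membership. The `User` and `Group` records, the user and group names, and the directory map are hypothetical; only the role names superuser and scripter come from the ticket.

```java
import java.util.*;

// Hypothetical model for illustration; these types are not Magnolia's API.
public class RoleCheckDemo {
    record Group(String name, Set<String> roles, Set<String> memberOf) {}
    record User(String name, Set<String> directRoles, Set<String> groups) {}

    static final Set<String> REQUIRED = Set.of("superuser", "scripter");

    // Behaviour described in the ticket: only directly assigned roles count.
    static boolean allowedDirectOnly(User u) {
        return u.directRoles().stream().anyMatch(REQUIRED::contains);
    }

    // Collects roles from the user, the user's groups and the groups those belong to.
    static Set<String> effectiveRoles(User u, Map<String, Group> directory) {
        Set<String> roles = new HashSet<>(u.directRoles());
        Deque<String> todo = new ArrayDeque<>(u.groups());
        Set<String> seen = new HashSet<>();
        while (!todo.isEmpty()) {
            String name = todo.pop();
            Group g = directory.get(name);
            if (g == null || !seen.add(name)) continue; // unknown group, or already visited (cycle)
            roles.addAll(g.roles());
            todo.addAll(g.memberOf());
        }
        return roles;
    }

    static boolean allowedTransitive(User u, Map<String, Group> directory) {
        return effectiveRoles(u, directory).stream().anyMatch(REQUIRED::contains);
    }

    public static void main(String[] args) {
        // Constructed sample data: the two groups reference each other to exercise the cycle guard.
        Map<String, Group> directory = Map.of(
            "developers", new Group("developers", Set.of(), Set.of("scripters")),
            "scripters", new Group("scripters", Set.of("scripter"), Set.of("developers")));
        User sso = new User("sso-user", Set.of(), Set.of("developers")); // roles only via groups
        User editor = new User("editor", Set.of("editor"), Set.of());    // no qualifying role
        for (User u : List.of(sso, editor)) {
            System.out.printf("%s: direct-only=%b transitive=%b%n", u.name(),
                allowedDirectOnly(u), allowedTransitive(u, directory));
        }
    }
}
```

The second user is there as a regression case: resolving roles transitively must admit the group-only user without admitting someone who holds no qualifying role by any path.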
| Comments |
| Comment by Philipp Gaschuetz [ 17/Feb/23 ] |
|
Hi, is there any news on this? The bugfix pull request @ https://git.magnolia-cms.com/projects/MODULES/repos/groovy/pull-requests/64/overview has been automatically closed due to inactivity. Our customer requires this functionality... Many thanks!
|
| Comment by Richard Gange [ 23/Mar/23 ] |
|
Hello pgaschuetz- The fix was released today with Magnolia 6.2.30. Cheers |