[MGNLSTK-615] info.magnolia.cms.security.AccessDeniedException resulting in freemarker.template.TemplateModelException Created: 21/Apr/10  Updated: 13/Dec/11  Resolved: 12/Nov/10

Status: Closed
Project: Magnolia Standard Templating Kit (closed)
Component/s: None
Affects Version/s: 1.3
Fix Version/s: 1.3.6, 1.4

Type: Bug Priority: Major
Reporter: Jules S. Assignee: Philipp Bärfuss
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: Text File MAGNOLIA-3184-stacktrace.txt    
Issue Links:
causality
is causing MGNLSTK-706 version view: the elements in the ext... Closed
dependency
depends upon MGNLSTK-707 add a method to STKUtil to create nod... Closed
relation
is related to MGNLSTK-816 Comparing older page versions with cu... Closed
Template:
Acceptance criteria:
Empty
Date of First Response:

 Description   

This error is also visible on magnolia website. Please look at
http://www.magnolia-cms.com/home/our-company/news/press-releases/old-press-releases/magnolia-4-0-released.html

Maybe the affected nested document level is a noticable information for you. The error occurs at 6th document level, so does mine.
Is there any need to access the mentioned "extra" object?

My personal error stack trace is the following:

FreeMarker template error!

get(extras) failed on instance of info.magnolia.module.templatingkit.templates.STKTemplateModel
The problematic instruction:
----------
==> list model.extras.column[columnIndex] as extra [on line 17, column 5 in templating-kit/templates/global/extrasArea.ftl]
in user-directive extrasColumn [on line 13, column 5 in templating-kit/templates/global/extrasArea.ftl]
in include def.extrasArea.template [on line 52, column 25 in templating-kit/templates/main.ftl]
----------

Java backtrace for programmers:
----------
freemarker.template.TemplateModelException: get(extras) failed on instance of info.magnolia.module.templatingkit.templates.STKTemplateModel
at freemarker.ext.beans.BeanModel.get(BeanModel.java:223)
at freemarker.core.Dot._getAsTemplateModel(Dot.java:76)
[...]
Caused by: info.magnolia.cms.security.AccessDeniedException: User not allowed to (Add, Set, Read) path [/level1/level2/level3/level4/level5/level6/extras]
at info.magnolia.cms.core.Access.isGranted(Access.java:64)
at info.magnolia.cms.core.DefaultContent.<init>(DefaultContent.java:156)
at info.magnolia.cms.core.DefaultContent.createContent(DefaultContent.java:194)
at info.magnolia.cms.util.ContentWrapper.createContent(ContentWrapper.java:188)
at info.magnolia.cms.core.AbstractContent.createContent(AbstractContent.java:75)
at info.magnolia.cms.util.ContentUtil.getOrCreateContent(ContentUtil.java:195)
at info.magnolia.module.templatingkit.templates.ExtrasAreaModel$1.exec(ExtrasAreaModel.java:71)
at info.magnolia.module.templatingkit.templates.ExtrasAreaModel$1.exec(ExtrasAreaModel.java:70)
at info.magnolia.context.MgnlContext.doInSystemContext(MgnlContext.java:396)
at info.magnolia.context.MgnlContext.doInSystemContext(MgnlContext.java:371)
at info.magnolia.module.templatingkit.templates.ExtrasAreaModel.<init>(ExtrasAreaModel.java:69)
at info.magnolia.module.templatingkit.templates.STKTemplateModel.getExtras(STKTemplateModel.java:148)
... 129 more



 Comments   
Comment by Magnolia International [ 21/Apr/10 ]

This sounds similar to MGNLSTK-499. Current workaround: open the offending page(s) on the author instance. Doing so should trigger the creation of the missing "extras" node on that page. Now activate this page (so the missing "extras" node will be created on the public instance too) and the error message should disappear.

Comment by Philipp Bärfuss [ 23/Apr/10 ]

The auto-generation must be executed with enough user permissions. This is Ok and I think we should not work around the issue by using the system context instead. But we should improve the templates in a way that they fail more gracefully.

Comment by Jan Haderka [ 06/Oct/10 ]

The content passed in the ContentUtil in privileged context was obtained previously with non-privileged hierarchy manager. To fix the issue, this content has to be retrieved again.

Comment by Philipp Bärfuss [ 09/Nov/10 ]

The current fix breaks the version view as the versioned content hides the fact that it resides in the version store. We should only execute the creation of the node to the system context.

We should also change the code related to the creation of the main and extra area

  • SingletonParagraphTemplateModel.execute()
Comment by Philipp Bärfuss [ 12/Nov/10 ]

We should use a more generic mechanism (MGNLSTK-707) to make sure we are not forgetting anything.

Comment by Philipp Bärfuss [ 12/Nov/10 ]

resolved by the fix for MGNLSTK-706

Generated at Mon Feb 12 07:28:45 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.