[MGNLUI-3286] Deleting folder of groups or roles doesn't properly check dependencies Created: 05/Dec/14  Updated: 06/Aug/15  Resolved: 30/Jul/15

Status: Closed
Project: Magnolia UI
Component/s: security app
Affects Version/s: 5.2.10, 5.3.5
Fix Version/s: 5.3.11, 5.4.1

Type: Bug Priority: Major
Reporter: Daniel Lipp Assignee: Evzen Fochr
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: 0d
Time Spent: 1d 2.75h
Original Estimate: Not Specified

Issue Links:
Relates
relates to MGNLUI-3258 When deleting groups/roles dependenci... Closed
causality
caused by MGNLUI-3062 Deleting not empty folders in groups ... Closed
relation
is related to MGNLUI-3276 Deleting groups or roles is too slow ... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:
Sprint: Sprint 3 (Basel)
Story Points: 1

 Description   

Deleting folders of groups or roles (security app) will always check for users having assigned a group OR a role with the name of the items in that folder. This might result in cases where one cannot delete a folder containing a group "foo" because there's also a role "foo" which is assigned to a user. Deleting a folder of groups should only check for users and groups having that group assigned (and not for those having assigned a role with that name) - likewise deleting a folder of roles should only check for users and groups having that role assigned (and not for those having assigned a group with that name).

to reproduce:

  • open security app
  • go to groups
  • create a folder "untitled"
  • create a group "group-or-role-name" within the above folder
  • go to roles
  • create a role "group-or-role-name" (doesn't matter whether this is on root or in a folder)
  • go to users, select one (e.g. peter) and assign him the ROLE "group-or-role-name"
  • go to groups, select the folder "untitled" and try to delete it

-> system will tell you, you cannot remove that folder because user peter users "group-or-role-name" but actually it only uses the so called role not the group and hence the deletion should be allowed!

Note: also the provided error message should be improved (filed as MGNLUI-3093)



 Comments   
Comment by Daniel Lipp [ 05/Dec/14 ]

It's related to MGNLUI-3276 in the sense that MGNLUI-3276 revealed the problem. Also the fix with/without MGNLUI-3276 will look differently so I recommend to base it on MGNLUI-3276 (the newer/faster implementation).

Comment by Roman Kovařík [ 09/Jul/15 ]

Reopened:

  1. Can it be really NodeTypes.Group and NodeTypes.Role at the same time?
    private List<String> getUsersAndGroupsThisItemIsAssignedTo(Node node) throws RepositoryException {
            if (NodeUtil.isNodeType(node, NodeTypes.Group.NAME)) {
                ...
            }
            if (NodeUtil.isNodeType(node, NodeTypes.Role.NAME)) {
                ...
            }
    }
    
  2. Could you declare info.magnolia.security.app.action.DeleteFolderActionTest#securitySupport as SecuritySupportImpl to prevent casting?
Comment by Evzen Fochr [ 09/Jul/15 ]

I can get Role or Group, but not at same time

Comment by Evzen Fochr [ 30/Jul/15 ]

https://git.magnolia-cms.com/gitweb/?p=magnolia_ui.git;a=shortlog;h=refs/heads/MGNLUI-3286_5.3.x
https://git.magnolia-cms.com/gitweb/?p=magnolia_ui.git;a=shortlog;h=refs/heads/MGNLUI-3286_5.4.x

Generated at Mon Feb 12 09:05:05 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.