[magnolia-dev] [JIRA] (MGNLUI-3838) Wrong ACL-validation results in AccessViolation
Title: Message Title Sang Ngo Huu updated an issue Magnolia UI / MGNLUI-3838 Wrong ACL-validation results in AccessViolation Change By: Sang Ngo Huu We can't modify the anonymous role anymore.We created a separate account customAdmin that has not superuser role.To shorten the problem and for reproducing the error here an example for workspace category:anonymous has ACL read-only on "/" selected and subnodescustomAdmin has ACL read/write on "/" selected and subnodesIn SaveRoleDialogAction line 262 ff. (validateAccessControlLists()) the ACLs of the current user are checked against the ACLs of the role to be saved. The current user needs at least write permissions to the workspace and node.The Exception ist fired in line 295. Reason:In methoid isCurrentUserEntitledToGrantRights(workspaceName, path, accessType, permissions) the boolean recursive is true (line 349), wildcard is stripped off of the original path and ownPermission will always be "/" in findBestMatchingPermissions(acl.getList(), stripWildcardsFromPath(path)) (line 344).But if recursive is true the permission check wants the path to macth "/*" (line 352): < { code > } if (recursive && !ownPermissions.getPattern().getPatternString().endsWith("/*")) { code > } If I havn't overseen anything the implementation of {{ findBestMatchingPermissions() }} returns the wrong value for ownPermission ("/" instead of "/*").Find attached the XML export snippets for the roles and workspace category.BTW: the validation method validates the ACL list one after the other. It does not matter how many entries there are. category is first and when category fails the exception is thrown. Add Comment This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9)
[magnolia-dev] [JIRA] (MGNLUI-3838) Wrong ACL-validation results in AccessViolation
Title: Message Title Mikaël Geljić updated an issue Magnolia UI / MGNLUI-3838 Wrong ACL-validation results in AccessViolation Change By: Mikaël Geljić Sprint: Saigon 53 54 Add Comment This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] [JIRA] (MGNLUI-3838) Wrong ACL-validation results in AccessViolation
Title: Message Title Mikaël Geljić updated an issue Magnolia UI / MGNLUI-3838 Wrong ACL-validation results in AccessViolation Change By: Mikaël Geljić Sprint: Saigon 52 53 Add Comment This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] [JIRA] (MGNLUI-3838) Wrong ACL-validation results in AccessViolation
Title: Message Title Mikaël Geljić updated an issue Magnolia UI / MGNLUI-3838 Wrong ACL-validation results in AccessViolation Change By: Mikaël Geljić Sprint: Saigon 51 52 Add Comment This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] [JIRA] (MGNLUI-3838) Wrong ACL-validation results in AccessViolation
Title: Message Title Mikaël Geljić updated an issue Magnolia UI / MGNLUI-3838 Wrong ACL-validation results in AccessViolation Change By: Mikaël Geljić Sprint: Saigon 50 51 Add Comment This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] [JIRA] (MGNLUI-3838) Wrong ACL-validation results in AccessViolation
Title: Message Title Mikaël Geljić updated an issue Magnolia UI / MGNLUI-3838 Wrong ACL-validation results in AccessViolation Change By: Mikaël Geljić Sprint: Saigon 49 50 Add Comment This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] [JIRA] (MGNLUI-3838) Wrong ACL-validation results in AccessViolation
Title: Message Title Mikaël Geljić updated an issue Magnolia UI / MGNLUI-3838 Wrong ACL-validation results in AccessViolation Change By: Mikaël Geljić Sprint: Saigon 48 49 Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] [JIRA] (MGNLUI-3838) Wrong ACL-validation results in AccessViolation
Title: Message Title Mikaël Geljić updated an issue Magnolia UI / MGNLUI-3838 Wrong ACL-validation results in AccessViolation Change By: Mikaël Geljić Sprint: Saigon 47 48 Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] [JIRA] (MGNLUI-3838) Wrong ACL-validation results in AccessViolation
Title: Message Title Mikaël Geljić updated an issue Magnolia UI / MGNLUI-3838 Wrong ACL-validation results in AccessViolation Change By: Mikaël Geljić Sprint: Saigon 46 47 Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] [JIRA] (MGNLUI-3838) Wrong ACL-validation results in AccessViolation
Title: Message Title Mikaël Geljić updated an issue Magnolia UI / MGNLUI-3838 Wrong ACL-validation results in AccessViolation Change By: Mikaël Geljić Sprint: Saigon 45 46 Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] [JIRA] (MGNLUI-3838) Wrong ACL-validation results in AccessViolation
Title: Message Title Michael Mühlebach updated an issue Magnolia UI / MGNLUI-3838 Wrong ACL-validation results in AccessViolation Change By: Michael Mühlebach Fix Version/s: 5.4.8 Fix Version/s: 5.4.7 Account: Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] [JIRA] (MGNLUI-3838) Wrong ACL-validation results in AccessViolation
Title: Message Title Mikaël Geljić updated an issue Magnolia UI / MGNLUI-3838 Wrong ACL-validation results in AccessViolation Change By: Mikaël Geljić Sprint: Saigon 44 45 Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] [JIRA] (MGNLUI-3838) Wrong ACL-validation results in AccessViolation
Title: Message Title Mikaël Geljić updated an issue Magnolia UI / MGNLUI-3838 Wrong ACL-validation results in AccessViolation Change By: Mikaël Geljić Sprint: Saigon 43 44 Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] [JIRA] (MGNLUI-3838) Wrong ACL-validation results in AccessViolation
Title: Message Title Mikaël Geljić updated an issue Magnolia UI / MGNLUI-3838 Wrong ACL-validation results in AccessViolation Change By: Mikaël Geljić Sprint: Saigon 42 43 Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] [JIRA] (MGNLUI-3838) Wrong ACL-validation results in AccessViolation
Title: Message Title Mikaël Geljić reopened an issue Magnolia UI / MGNLUI-3838 Wrong ACL-validation results in AccessViolation Change By: Mikaël Geljić Status: pre-integration QA Reopened Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] [JIRA] (MGNLUI-3838) Wrong ACL-validation results in AccessViolation
Title: Message Title Mikaël Geljić updated an issue Magnolia UI / MGNLUI-3838 Wrong ACL-validation results in AccessViolation Change By: Mikaël Geljić Sprint: Saigon 40 41 Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] [JIRA] (MGNLUI-3838) Wrong ACL-validation results in AccessViolation
Title: Message Title Michael Mühlebach updated an issue Magnolia UI / MGNLUI-3838 Wrong ACL-validation results in AccessViolation Change By: Michael Mühlebach Fix Version/s: 5.4.7 Account: Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] [JIRA] (MGNLUI-3838) Wrong ACL-validation results in AccessViolation
Title: Message Title Mikaël Geljić updated an issue Magnolia UI / MGNLUI-3838 Wrong ACL-validation results in AccessViolation Change By: Mikaël Geljić Sprint: Saigon 39 40 Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] [JIRA] (MGNLUI-3838) Wrong ACL-validation results in AccessViolation
Title: Message Title Oanh Thai Hoang updated an issue Magnolia UI / MGNLUI-3838 Wrong ACL-validation results in AccessViolation Change By: Oanh Thai Hoang Assignee: Oanh Thai Hoang Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] [JIRA] (MGNLUI-3838) Wrong ACL-validation results in AccessViolation
Title: Message Title Oanh Thai Hoang updated an issue Magnolia UI / MGNLUI-3838 Wrong ACL-validation results in AccessViolation Change By: Oanh Thai Hoang Original Estimate: 4d Remaining Estimate: 4d Account: Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] [JIRA] (MGNLUI-3838) Wrong ACL-validation results in AccessViolation
Title: Message Title Sang Ngo Huu updated an issue Magnolia UI / MGNLUI-3838 Wrong ACL-validation results in AccessViolation Change By: Sang Ngo Huu Story Points: 5 Account: Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] [JIRA] (MGNLUI-3838) Wrong ACL-validation results in AccessViolation
Title: Message Title Michael Mühlebach updated an issue Magnolia UI / MGNLUI-3838 Wrong ACL-validation results in AccessViolation Change By: Michael Mühlebach Sprint: Saigon 39 Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] [JIRA] (MGNLUI-3838) Wrong ACL-validation results in AccessViolation
Title: Message Title Sigurd Rolfes created an issue Magnolia UI / MGNLUI-3838 Wrong ACL-validation results in AccessViolation Issue Type: Bug Assignee: Unassigned Created: 04/Apr/16 2:00 PM Labels: support security security-app Priority: Critical Reporter: Sigurd Rolfes Security Level: Public We can't modify the anonymous role anymore. We created a separate account customAdmin that has not superuser role. To shorten the problem and for reproducing the error here an example for workspace category: anonymous has ACL read-only on "/" selected and subnodes customAdmin has ACL read/write on "/" selected and subnodes In SaveRoleDialogAction line 262 ff. (validateAccessControlLists()) the ACLs of the current user are checked against the ACLs of the role to be saved. The current user needs at least write permissions to the workspace and node. The Exception ist fired in line 295. Reason: In methoid isCurrentUserEntitledToGrantRights(workspaceName, path, accessType, permissions) the boolean recursive is true (line 349), wildcard is stripped off of the original path and ownPermission
[magnolia-dev] [JIRA] (MGNLUI-3838) Wrong ACL-validation results in AccessViolation
Title: Message Title Zdenek Skodik updated an issue Magnolia UI / MGNLUI-3838 Wrong ACL-validation results in AccessViolation Change By: Zdenek Skodik Attachment: userroles.zeg-admin.xml Attachment: acls-anonymous.txt Attachment: acls-custromAdmin.txt Attachment: userroles.anonymous.xml Add Comment This message was sent by Atlassian JIRA (v6.4.12#64027-sha1:e3691cc) For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to: