Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to save some UserRoles with the error The following are not valid system permissions #5515

Closed
NickJosevski opened this issue Apr 26, 2019 · 2 comments
Closed

Unable to save some UserRoles with the error The following are not valid system permissions #5515

NickJosevski opened this issue Apr 26, 2019 · 2 comments
Assignees
@NickJosevski
Labels
LTS/2019.3 This issue affects 2019.3 LTS
Milestone
2019.4.7

Comments

@NickJosevski
Copy link

The bug

A set of built in and custom user roles cannot be saved because they are in an invalid state.

As part of 2019.x we split the permissions into system and space level. We made a mistake and left a set of permissions classified as mixed scope when they are only space level.

What I expected to happen

Should be able to modify UserRoles.

Steps to reproduce

  1. Go to an affected UserRole
  2. Make a change and attempt to save
  3. It will error with "The following are not valid system permissions"

Screen capture

image

Log exerpt

The following are not valid system permissions

Affected versions

Octopus Server: 2019.x

Workarounds

Using the OctopusClient you can clean up these roles before a patch is released (here is some LinqPad code):

    var apiKey = "API-YOURKEY"; //create an API with sufficient permissions ideally an admin, it can be revoked after this is run
    var octopusServer = new Octopus.Client.OctopusServerEndpoint("http://YOUR.OCTOPUS.INSTALL", apiKey);
    var repo = new Octopus.Client.OctopusRepository(octopusServer);

    var roles = repo.UserRoles.FindAll();
    
    var removeThesePermissions = new List<Permission> { Permission.SubscriptionView, Permission.SubscriptionEdit, Permission.SubscriptionCreate, Permission.SubscriptionDelete};
    foreach(var r in roles)
    {
        if (removeThesePermissions.Any(p => r.GrantedSystemPermissions.Contains(p)))
        {
            $"found {r.Name} in a bad state, with these permissions:".Dump();
            r.GrantedSystemPermissions.Dump();
            // cleanup
            r.GrantedSystemPermissions = r.GrantedSystemPermissions.Except(removeThesePermissions).ToList();
            "what it looks like after".Dump();
            r.GrantedSystemPermissions.Dump();
            "persisting change...".Dump();
            repo.UserRoles.Modify(r);
        }
    }

Links
@NickJosevski NickJosevski mentioned this issue Apr 29, 2019
Closed
@NickJosevski NickJosevski self-assigned this Apr 29, 2019
@NickJosevski NickJosevski added this to the 2019.4.5 milestone Apr 29, 2019
@NickJosevski
Copy link
Author

Release Note: Fix up some UserRoles that were not set up correctly in 2019.1 and could not be saved.

@NickJosevski NickJosevski modified the milestones: 2019.4.5, 2019.4.6 Apr 29, 2019
@slewis74 slewis74 modified the milestones: 2019.4.6, 2019.4.7 May 2, 2019
@michaelnoonan michaelnoonan added the LTS/2019.3 This issue affects 2019.3 LTS label May 2, 2019
@lock
Copy link

lock bot commented Jul 31, 2019

This thread has been automatically locked since there has not been any recent activity after it was closed. If you think you've found a related issue, please contact our support team so we can triage your issue, and make sure it's handled appropriately.

@lock lock bot locked as resolved and limited conversation to collaborators Jul 31, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@NickJosevski NickJosevski

Labels
LTS/2019.3 This issue affects 2019.3 LTS
Projects
None yet
Milestone
2019.4.7
Development

No branches or pull requests
3 participants
@NickJosevski @michaelnoonan @slewis74