Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] Permission issues when a non-admin user creates a user or a workspace #510

Closed
herflis opened this issue Dec 10, 2019 · 3 comments
Closed
Assignees
Labels
Milestone

Comments

@herflis
Copy link
Contributor

@herflis herflis commented Dec 10, 2019

Steps to reproduce (user creation):

  1. Login with devdog at admin.sensenet.com
  2. Go to Users&Groups and click on the add button
  3. Choose type User and fill out the form (or at least the required fields)
  4. Click Save

Steps to reproduce (workspace creation):

  1. Login with devdog at admin.sensenet.com
  2. Go to Content and click on the add button
  3. Choose type Workspace and fill out the form (or at least the required fields)
  4. Click Save

image.png
image.png

SEE THE COMMENTS BELOW
⬇⬇⬇⬇⬇

@herflis herflis added the bug label Dec 10, 2019
@herflis herflis added this to the Sprint 199 milestone Dec 10, 2019
@pusztaienike pusztaienike self-assigned this Dec 19, 2019
@herflis herflis assigned herflis and unassigned pusztaienike Jan 6, 2020
@herflis herflis modified the milestones: Sprint 199, Sprint 200 Jan 6, 2020
@herflis

This comment has been minimized.

Copy link
Contributor Author

@herflis herflis commented Jan 8, 2020

Timestamp: 2020. 01. 08. 8:35:41 Message: Access denied. Category: General Priority: -1 EventId: 40 Severity: Warning Title: Machine: SN-DEV-WEB-03 Application Domain: IIS APPPOOL Process Id: 4568 Process Name: w3wp Managed Thread Id: 8 Thread Name: Extended Properties: Messages - ODataException: Access denied. ---- Inner Exception: SenseNetSecurityException: Access denied. at SenseNet.ContentRepository.Storage.Retrier.Retry(Int32 count, Int32 waitMilliseconds, Type caughtExceptionType, Action callback) at SenseNet.ContentRepository.User.Save(NodeSaveSettings settings) at SenseNet.ContentRepository.SavingAction.Execute() at SenseNet.ContentRepository.GenericContent.Save(SavingMode mode) at SenseNet.ContentRepository.Content.Save(Boolean validOnly, SavingMode mode) at SenseNet.ContentRepository.Content.Save(Boolean validOnly) at SenseNet.Portal.OData.ODataHandler.CreateContent(JObject model, ODataRequest odataRequest) in E:\BuildAgent\_work\63\s\src\Services\OData\ODataHandler.cs:line 463 at SenseNet.Portal.OData.ODataHandler.ProcessRequest(HttpContext context, String httpMethod, Stream inputStream) in E:\BuildAgent\_work\63\s\src\Services\OData\ODataHandler.cs:line 206 ===================== ODataException/SenseNetSecurityException/FormattedMessage - Access denied. Path: /Root/IMS/Public/aaaa PermissionType: TakeOwnership User: Public\devdog UserId: 1496 ODataException/SenseNetSecurityException/EventId - 40 ODataException/SenseNetSecurityException/Path - /Root/IMS/Public/aaaa ODataException/SenseNetSecurityException/PermissionType - TakeOwnership ODataException/SenseNetSecurityException/User - Public\devdog UserName - Public\devdog WorkingMode - IsHttpContext - yes Url - https://dev.demo.sensenet.com/odata.svc/Root/IMS/Public?$select=Id%2CPath%2CName%2CType%2CDisplayName%2CIcon%2CIsFolder%2CParentId%2CVersion%2CPageCount%2CBinary%2CCreationDate%2CAvatar%2CDescription&metadata=no&$inlinecount=allpages&$top=10000 Referrer - http://localhost:8080/aHR0cHM6Ly9kZXYuZGVtby5zZW5zZW5ldC5jb20=/browse/eyJ0eXBlIjoic2ltcGxlIiwicm9vdCI6Ii9Sb290L0lNUy9QdWJsaWMiLCJmaWVsZHNUb0Rpc3BsYXkiOlsiRGlzcGxheU5hbWUiLCJNb2RpZmljYXRpb25EYXRlIiwiTW9kaWZpZWRCeSIsIkFjdGlvbnMiXX0%3D

@herflis

This comment has been minimized.

Copy link
Contributor Author

@herflis herflis commented Jan 8, 2020

Timestamp: 2020. 01. 08. 8:41:23 Message: Access denied. Category: General Priority: -1 EventId: 40 Severity: Warning Title: Machine: SN-DEV-WEB-03 Application Domain: IIS APPPOOL Process Id: 4568 Process Name: w3wp Managed Thread Id: 47 Thread Name: Extended Properties: Messages - ODataException: Access denied. ---- Inner Exception: SenseNetSecurityException: Access denied. at SenseNet.ContentRepository.Storage.Security.SecurityHandler.GetAccessDeniedException(Int32 nodeId, String path, String message, PermissionType[] permissionTypes, IUser user, Boolean isSubtree) at SenseNet.ContentRepository.Storage.Security.SecurityHandler.Assert(Int32 nodeId, String path, String message, PermissionType[] permissionTypes) at SenseNet.ContentRepository.Workspaces.Workspace.Save(NodeSaveSettings settings) at SenseNet.ContentRepository.SavingAction.Execute() at SenseNet.ContentRepository.GenericContent.Save(SavingMode mode) at SenseNet.ContentRepository.Content.Save(Boolean validOnly, SavingMode mode) at SenseNet.ContentRepository.Content.Save(Boolean validOnly) at SenseNet.Portal.OData.ODataHandler.CreateContent(JObject model, ODataRequest odataRequest) in E:\BuildAgent\_work\63\s\src\Services\OData\ODataHandler.cs:line 463 at SenseNet.Portal.OData.ODataHandler.ProcessRequest(HttpContext context, String httpMethod, Stream inputStream) in E:\BuildAgent\_work\63\s\src\Services\OData\ODataHandler.cs:line 206 ===================== ODataException/SenseNetSecurityException/FormattedMessage - Access denied. PermissionType: ManageListsAndWorkspaces User: Public\devdog UserId: 1496 ODataException/SenseNetSecurityException/EventId - 40 ODataException/SenseNetSecurityException/PermissionType - ManageListsAndWorkspaces ODataException/SenseNetSecurityException/User - Public\devdog UserName - Public\devdog WorkingMode - IsHttpContext - yes Url - https://dev.demo.sensenet.com/odata.svc/Root/Content?$select=Id%2CPath%2CName%2CType%2CDisplayName%2CIcon%2CIsFolder%2CParentId%2CVersion%2CPageCount%2CBinary%2CCreationDate%2CAvatar%2CDescription&metadata=no&$inlinecount=allpages&$top=10000 Referrer - http://localhost:8080/aHR0cHM6Ly9kZXYuZGVtby5zZW5zZW5ldC5jb20=/browse/eyJ0eXBlIjoiZXhwbG9yZXIiLCJyb290IjoiL1Jvb3QvQ29udGVudCIsInNlY29uZGFyeUNvbnRlbnQiOiIvUm9vdC9Db250ZW50IiwiZmllbGRzVG9EaXNwbGF5IjpbIkRpc3BsYXlOYW1lIiwiTG9ja2VkIiwiQ3JlYXRlZEJ5IiwiQWN0aW9ucyJdfQ%3D%3D

@herflis herflis modified the milestones: Sprint 200, Sprint 201 Jan 8, 2020
@herflis herflis assigned tusmester and unassigned herflis Jan 8, 2020
@herflis herflis modified the milestones: Sprint 201, Sprint 202 Jan 22, 2020
@tusmester

This comment has been minimized.

Copy link
Member

@tusmester tusmester commented Jan 30, 2020

  1. user creation: we'll fix this by setting the correct owner (themselves) in elevated mode
  2. workspace creation: currently this is a feature, ManageListsAndWorkspaces permission is required to create a workspace. This requirement may be removed --> TBD.
@herflis herflis closed this Feb 5, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants
You can’t perform that action at this time.