Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Templates] Limited user cannot get list of Containers it has access to. #14134

Closed
joseorsini opened this issue Apr 16, 2018 · 6 comments
Closed

[Templates] Limited user cannot get list of Containers it has access to. #14134

joseorsini opened this issue Apr 16, 2018 · 6 comments
Labels
dotCMS : Content Management Merged Note to QA QA : Approved Release : 4.3.3 Type : Defect
Milestone
5.0_052218_REX

Comments

@joseorsini
Copy link
Contributor

joseorsini commented Apr 16, 2018
edited
Loading

Expected Behavior

Limited users, even if they have full permissions, should have access to all Templates/Containers once a Page is created, or a Template is edited and wants to add a new container to it.

Current Behavior

Any non-admin user with full grants over a Site (including Publish permissions for all assets) cannot retrieve the list of Containers it has access to because of a bug in the system.

Steps to Reproduce (for bugs)

  1. Go to Roles portlet. Select Contributor Role
  2. Assign Add To/Edit/Publish permissions to all assets.
  3. Assign Templates and Containers as available layouts/portlets for this user. This can be made on Role's "Tabs" section.
  4. Login As Joe Contributor.
  5. Go to Templates portlet.
  6. Select and template and edit it.
  7. Click on "Add Container" button. Dropdown shows as empty.

Stacktrace:

https://gist.github.com/joseorsini/ef4d83d65afd679ae9e74d046cc3aefa

Context

Reported by customer:
https://dotcms.zendesk.com/agent/tickets/95579

Your Environment

  • dotCMS version used: 4.3.2, master.
  • Browser Name and version: Any Browser.
  • Operating System and version: Any supported OS.
  • Application Server and version: Any supported application server.
  • Java Brand and version: Any supported Java version.
  • Database and version: Microsoft SQL Server 2016.
  • Application module (if apply): N/A.

Acceptance Criteria:

  • Need to be tested in 4 DBs
joseorsini added a commit that referenced this issue Apr 16, 2018
@joseorsini
#14134 fixes for MSSQL
beb9826
@joseorsini
Copy link
Contributor Author

PR: #14138

jtesser pushed a commit that referenced this issue Apr 17, 2018
@joseorsini @jtesser
#14134 fixes for MSSQL
fc2e71b
dsilvam pushed a commit that referenced this issue Apr 24, 2018
@joseorsini @dsilvam
#14134 fixes for MSSQL (#14138)
e376808
@dsilvam dsilvam added the Merged label Apr 24, 2018
@dsilvam dsilvam added this to the Rex Current milestone Apr 24, 2018
@dsilvam dsilvam modified the milestones: 5.0_050118_REX, Rex Current May 1, 2018
@DeanGonzalez
Copy link

DeanGonzalez commented May 1, 2018
edited
Loading

I just tested on Postgres and Template list opens extremely slow for a limited user... canceling a template takes a long time. And at first, the containers did not show up at all. Then later after several logins, they started appearing. In mysql, even after several attempts, I could not get container list to load and experience the same extremely slow behavior. I also got several javascript errors on the page:

image
No errors in the log though

@joseorsini
Copy link
Contributor Author

@DeanGonzalez I had the same behavior too while I was doing some tests. Thought it was something related to my local, but indeed seems to be a performance related issue.

@nollymar nollymar self-assigned this May 3, 2018
@nollymar nollymar closed this as completed May 3, 2018
@nollymar nollymar reopened this May 3, 2018
nollymar added a commit that referenced this issue May 7, 2018
@nollymar
#14134 Replacing call to PermissionedWebAssetUtil#findTemplatesForLim…
2a10cee 
…itedUser by TemplateAPI#findTemplatesUserCanUse
nollymar added a commit that referenced this issue May 7, 2018
@nollymar
#14134 Replacing call to PermissionedWebAssetUtil#findContainersForLi…
ddb2b21 
…mitedUser by ContainerFactory#findContainers
nollymar added a commit that referenced this issue May 7, 2018
@nollymar
#14134 Removing unused imports
cc9c367
@nollymar
Copy link
Contributor

nollymar commented May 7, 2018
edited
Loading

PR Core: #14315
With this PR, the following functionalities need to be tested using limited users:

  • Create/Edit a template: Listing containers should work fine
  • Create/Edit a page asset: Listing templates should work fine
  • Create/Edit a folder: Listing allowed content types should work fine

Known issue: There is a performance issue listing templates: #14316

@nollymar nollymar removed their assignment May 7, 2018
dsilvam pushed a commit that referenced this issue May 7, 2018
@nollymar @dsilvam
Issue 14134 templates limited user cannot get list of containers it h…
1afa74a 
…as access to (#14315)

* #14134 Replacing call to PermissionedWebAssetUtil#findTemplatesForLimitedUser by TemplateAPI#findTemplatesUserCanUse

* #14134 Replacing call to PermissionedWebAssetUtil#findContainersForLimitedUser by ContainerFactory#findContainers

* #14134 Removing unused imports
dsilvam added a commit that referenced this issue May 8, 2018
@dsilvam
#14134 Restore lost filtering ability
8e465fa
dsilvam added a commit that referenced this issue May 8, 2018
@dsilvam
#14134 clean up not needed layout variable
f47f156
dsilvam added a commit that referenced this issue May 8, 2018
@dsilvam
#14134 Final list.
3babe2a
dsilvam added a commit that referenced this issue May 8, 2018
@dsilvam
Issue 14134 retore template filtering (#14343)
27d57ab 
* #14134 Restore lost filtering ability

* #13134 Add Integration test for filtering

* #14134 clean up not needed layout variable

* #14134 Final list.
nollymar added a commit that referenced this issue May 8, 2018
@nollymar
#14134 Removing PermissionedWebAssetUtil class
e2fb862
@nollymar
Copy link
Contributor

nollymar commented May 8, 2018
edited
Loading

PermissionedWebAssetUtil.java has been removed here: #14344

Please @john-thomas-dotcms @DeanGonzalez consider this for changelog

@nollymar nollymar removed their assignment May 8, 2018
dsilvam pushed a commit that referenced this issue May 8, 2018
@nollymar @dsilvam
Issue 14134 templates limited user cannot get list of containers it h…
fa69f82 
…as access to (#14344)

* #14134 Replacing call to PermissionedWebAssetUtil#findTemplatesForLimitedUser by TemplateAPI#findTemplatesUserCanUse

* #14134 Replacing call to PermissionedWebAssetUtil#findContainersForLimitedUser by ContainerFactory#findContainers

* #14134 Removing unused imports

* #14134 Removing PermissionedWebAssetUtil class
@bryanboza
Copy link
Member

Fixed, tested in the last master and now we are able to use it as limited user

@wezell wezell closed this as completed May 22, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
dotCMS : Content Management Merged Note to QA QA : Approved Release : 4.3.3 Type : Defect
Projects
None yet
Milestone
5.0_052218_REX
Development

No branches or pull requests
8 participants
@wezell @jtesser @DeanGonzalez @dsilvam @joseorsini @bryanboza @erickgonzalez @nollymar