0013426: deleteUser fails partly saying you don't have permission #6641

Closed
Gloirin opened this Issue Jun 9, 2018 · 2 comments

Comments

Projects
None yet
1 participant
@Gloirin

Gloirin commented Jun 9, 2018

Reported by lab-at-nohl on 10 Sep 2017 23:46

Version: 2017.08.3 Community Edition

On deleting a user my installation says: "Sie sind nicht berechtigt, diese Aktion auszuführen".

The log (additional information) shows: "It is not allowed to delete a contact linked to an user account!"

It seems to me that deleting users is broken but it still works partly.

Steps to reproduce: Anyway, account is removed from Ldap and not shown in admin's list anymore. But you can't create another user with the same name. I guess an ActionQueue job will delete it from database later. But without deleting the account you can't delete the contact meanwhile it seems...

I don't know if account will be removed by ActionQueue finally because I deleted it in Db (didn't realize the ActionQueue before).

Additional information: 55189 6b156 admin - 2017-09-10T23:09:32+00:00 DEBUG (7): Tinebase_User_Ldap::_getLdapEntry::677 filter (&(objectclass=posixaccount)(entryuuid=958ba4f6-2ac8-1037-99f7-e53f52d623db))
55189 6b156 admin - 2017-09-10T23:09:32+00:00 DEBUG (7): Tinebase_User_Sql::deleteUserInSqlBackend::1156 Deleting usertest2
55189 6b156 admin - 2017-09-10T23:09:32+00:00 INFO (6): Tinebase_ActionQueue::queueAction::192 Queueing action: 'Tinebase_FOO_User.directDeleteUserInSqlBackend'
55189 6b156 admin - 2017-09-10T23:09:32+00:00 DEBUG (7): Tinebase_ActionQueue_Backend_Redis::send::216 queued job a20774a0471a700fb8e76cb5672cc262f67f519e on queue TinebaseQueueQueue (datastructname: TinebaseQueueData)
55189 6b156 admin - 2017-09-10T23:09:32+00:00 DEBUG (7): Tinebase_Controller_Record_ModlogTrait::_writeModLog::71 Writing modlog for Tinebase_Model_FullUser
55189 6b156 admin - 2017-09-10T23:09:32+00:00 INFO (6): Tinebase_User_Ldap::deleteUserInSyncBackend::618 delete user uid=test2,ou=people,ou=tine20,dc=server,dc=de from sync backend (LDAP)
55189 6b156 admin - 2017-09-10T23:09:32+00:00 INFO (6): Tinebase_Controller_Record_Abstract::delete::1487 Deleting 1 of Addressbook_Model_Contact records ...
55189 6b156 admin - 2017-09-10T23:09:32+00:00 DEBUG (7): Tinebase_FileSystem_RecordAttachments::getRecordAttachments::65 Fetching attachments of Addressbook_Model_Contact record with id dcb319671c75fdde5ca0eee7c78c9d80eee33f04 ...
55189 6b156 admin - 2017-09-10T23:09:32+00:00 ERR (3): Tinebase_Controller_Record_Abstract::delete::1521 It is not allowed to delete a contact linked to an user account!
55189 6b156 admin - 2017-09-10T23:09:32+00:00 WARN (4): Tinebase_Server_Json::_handleException::368 Addressbook_Exception_AccessDenied -> It is not allowed to delete a contact linked to an user account!
55189 6b156 admin - 2017-09-10T23:09:32+00:00 ERR (3): Tinebase_Exception::log::104 Addressbook_Exception_AccessDenied -> It is not allowed to delete a contact linked to an user account!
55189 6b156 admin - 2017-09-10T23:09:32+00:00 INFO (6): index.php (25) METHOD: Tinebase_Server_Json::Admin.deleteUsers / TIME: 195ms / Memory usage: 6 MB / Real patch cache size: 106329 / PID: 9727

@Gloirin Gloirin added this to the 2017.08.5 Community Edition milestone Jun 9, 2018

@Gloirin Gloirin self-assigned this Jun 9, 2018

@Gloirin Gloirin closed this Jun 9, 2018

@Gloirin

This comment has been minimized.

Show comment
Hide comment
@Gloirin

Gloirin Jun 11, 2018

Comment posted by pmehrer on 12 Sep 2017 10:23

http://gerrit.tine20.com/customers/5639

Gloirin commented Jun 11, 2018

Comment posted by pmehrer on 12 Sep 2017 10:23

http://gerrit.tine20.com/customers/5639

@Gloirin

This comment has been minimized.

Show comment
Hide comment
@Gloirin

Gloirin Jun 11, 2018

Comment posted by pmehrer on 12 Sep 2017 10:50

Thank you for reporting this issue. We have fixed it.

you can resolve it by removing the complete method body of \Addressbook_Controller_Contact::inspectDeleteUser in the file Addressbook/Controller/Contact.php ~ line 1111

/**
* delete user by id
*
* @param Tinebase_Model_FullUser $_user
*/
public function inspectDeleteUser(Tinebase_Model_FullUser $_user)
{
// this will be handled in \Addressbook_Controller::_handleEvent
}

one comment on your Redis ActionQueue: is it working properly? If setup correctly it does, but it needs proper setup. So if you are unsure if it is setup correctly, it may not be so. In doubt don't use it. It is a rather advanced feature. Of course you are very welcome to use it if it works for you.

Gloirin commented Jun 11, 2018

Comment posted by pmehrer on 12 Sep 2017 10:50

Thank you for reporting this issue. We have fixed it.

you can resolve it by removing the complete method body of \Addressbook_Controller_Contact::inspectDeleteUser in the file Addressbook/Controller/Contact.php ~ line 1111

/**
* delete user by id
*
* @param Tinebase_Model_FullUser $_user
*/
public function inspectDeleteUser(Tinebase_Model_FullUser $_user)
{
// this will be handled in \Addressbook_Controller::_handleEvent
}

one comment on your Redis ActionQueue: is it working properly? If setup correctly it does, but it needs proper setup. So if you are unsure if it is setup correctly, it may not be so. In doubt don't use it. It is a rather advanced feature. Of course you are very welcome to use it if it works for you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment