Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error when changing rights for a user from Administer page > Rights: Page #29

Closed
ane-gabriela opened this issue Dec 12, 2018 · 2 comments
Assignees
Milestone

Comments

@ane-gabriela
Copy link

@ane-gabriela ane-gabriela commented Dec 12, 2018

Steps to reproduce:

  1. Log in as Admin
  2. Click on Polls from the Applications Panel
  3. From More actions click on Administer Page
  4. Click on Users & Rights > Rights: Page
  5. Select Users
  6. Change the view rights for one user

Expected results: The Admin is allowed to restrict the page.

Actual results: A pop up message appears that informs the Admin that he doesn't have rights to make that change and some errors in the console.

xpollpagerights

2018-12-12 18:20:48,739 [http://localhost:8080/xwiki/bin/view/XPoll/?xpage=saverights&clsname=XWiki.XWikiRights&fullname=XWiki.user01&uorg=users&form_token=8TObetcGuWZrtoAv3G47Pg&action=allow&right=view] ERROR c.x.x.XWiki - Error while evaluating velocity template [saverights.vm] org.xwiki.velocity.XWikiVelocityException: Failed to evaluate content with id [/templates/saverights.vm] at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluate(DefaultVelocityEngine.java:227) at com.xpn.xwiki.render.DefaultVelocityManager.evaluate(DefaultVelocityManager.java:357) at com.xpn.xwiki.internal.template.InternalTemplateManager.evaluateContent(InternalTemplateManager.java:825) at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:701) at com.xpn.xwiki.internal.template.InternalTemplateManager.lambda$renderFromSkin$0(InternalTemplateManager.java:676) at com.xpn.xwiki.internal.security.authorization.DefaultAuthorExecutor.call(DefaultAuthorExecutor.java:85) at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:675) at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:654) at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:640) at com.xpn.xwiki.internal.template.DefaultTemplateManager.render(DefaultTemplateManager.java:78) at com.xpn.xwiki.XWiki.evaluateTemplate(XWiki.java:2290) at com.xpn.xwiki.web.Utils.parseTemplate(Utils.java:179) at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:489) at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:210) at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:425) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:228) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:449) at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:860) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650) at com.xpn.xwiki.web.ActionFilter.doFilter(ActionFilter.java:112) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at org.xwiki.wysiwyg.filter.ConversionFilter.doFilter(ConversionFilter.java:109) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:63) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:208) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:111) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:134) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1629) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:190) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:219) at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.Server.handle(Server.java:530) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:347) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:256) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102) at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:247) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:140) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131) at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:382) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:708) at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:626) at java.lang.Thread.run(Unknown Source) Caused by: org.apache.velocity.exception.MethodInvocationException: Invocation of method 'save' in class com.xpn.xwiki.api.Document threw exception com.xpn.xwiki.XWikiException: Error number 9001 in 9: Access denied in edit mode on document xwiki:XPoll.WebHome at 20:/templates/saverights.vm[line 103, column 6] at org.apache.velocity.runtime.parser.node.ASTMethod.handleInvocationException(ASTMethod.java:243) at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:187) at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:280) at org.apache.velocity.runtime.parser.node.ASTReference.render(ASTReference.java:369) at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:72) at org.apache.velocity.runtime.parser.node.ASTIfStatement.render(ASTIfStatement.java:87) at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:342) at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluateInternal(DefaultVelocityEngine.java:259) at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluate(DefaultVelocityEngine.java:222) ... 63 common frames omitted Caused by: com.xpn.xwiki.XWikiException: Error number 9001 in 9: Access denied in edit mode on document xwiki:XPoll.WebHome at com.xpn.xwiki.api.Document.save(Document.java:2448) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.doInvoke(UberspectImpl.java:395) at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:384) at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:173) ... 70 common frames omitted

@ane-gabriela ane-gabriela added this to the 1.11 milestone Dec 12, 2018
@mflorea

This comment has been minimized.

Copy link

@mflorea mflorea commented Dec 13, 2018

You can change the rights for the entire space because it updates only the WebPreferences page which is made editable in the pom.xml

<xwiki.extension.licensing.excludedDocuments>
  XPoll.WebPreferences
</xwiki.extension.licensing.excludedDocuments>

Setting the rights only for the home page doesn't work because the home page is protected by the licensing application. This issue is more generic. In fact you can't see rights on any page that is protected by the licensing application.

@acotiuga acotiuga self-assigned this Feb 5, 2019
@acotiuga acotiuga modified the milestones: 1.11, 1.10.2 Feb 5, 2019
@acotiuga

This comment has been minimized.

Copy link
Collaborator

@acotiuga acotiuga commented Feb 5, 2019

The fix proposed by @mflorea was done in 120d593. However it applies only to Rights: Page and Children and not to Rights: Page. Now, XWiki displays a nice message in that pop-up saying that the user doesn't have proper rights, which is OK (not seeing the velocity red error). Then, I wasn't able to find a valid use case for adding View rights to one user only to homepage and not also to children, because that would mean that is possible to see the livetable, but empty.
Unless we find a valid use case for adding view rights to a user only to application's homepage, I would say that there's nothing to fix in this issue.

@acotiuga acotiuga modified the milestones: 1.10.2, 1.11 Feb 5, 2019
@acotiuga acotiuga removed this from the 1.11 milestone Mar 27, 2019
@acotiuga acotiuga added the Type: Bug label Aug 19, 2019
@acotiuga acotiuga closed this Oct 14, 2019
@acotiuga acotiuga modified the milestones: 1.10.10, 2.0 Oct 14, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.