Error when changing rights for a user from Administer page > Rights: Page

[ane-gabriela]

Steps to reproduce:

1. Log in as Admin
2. Click on Polls from the Applications Panel
3. From More actions click on Administer Page
4. Click on Users & Rights > Rights: Page
5. Select Users
6. Change the view rights for one user

Expected results: The Admin is allowed to restrict the page.

Actual results: A pop up message appears that informs the Admin that he doesn't have rights to make that change and some errors in the console.

2018-12-12 18:20:48,739 [http://localhost:8080/xwiki/bin/view/XPoll/?xpage=saverights&clsname=XWiki.XWikiRights&fullname=XWiki.user01&uorg=users&form_token=8TObetcGuWZrtoAv3G47Pg&action=allow&right=view] ERROR c.x.x.XWiki - Error while evaluating velocity template [saverights.vm] org.xwiki.velocity.XWikiVelocityException: Failed to evaluate content with id [/templates/saverights.vm] at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluate(DefaultVelocityEngine.java:227) at com.xpn.xwiki.render.DefaultVelocityManager.evaluate(DefaultVelocityManager.java:357) at com.xpn.xwiki.internal.template.InternalTemplateManager.evaluateContent(InternalTemplateManager.java:825) at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:701) at com.xpn.xwiki.internal.template.InternalTemplateManager.lambda$renderFromSkin$0(InternalTemplateManager.java:676) at com.xpn.xwiki.internal.security.authorization.DefaultAuthorExecutor.call(DefaultAuthorExecutor.java:85) at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:675) at com.xpn.xwiki.internal.template.InternalTemplateManager.renderFromSkin(InternalTemplateManager.java:654) at com.xpn.xwiki.internal.template.InternalTemplateManager.render(InternalTemplateManager.java:640) at com.xpn.xwiki.internal.template.DefaultTemplateManager.render(DefaultTemplateManager.java:78) at com.xpn.xwiki.XWiki.evaluateTemplate(XWiki.java:2290) at com.xpn.xwiki.web.Utils.parseTemplate(Utils.java:179) at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:489) at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:210) at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:425) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:228) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:449) at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:860) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1650) at com.xpn.xwiki.web.ActionFilter.doFilter(ActionFilter.java:112) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at org.xwiki.wysiwyg.filter.ConversionFilter.doFilter(ConversionFilter.java:109) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:63) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:208) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:111) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1637) at org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:134) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1629) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:533) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:190) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595) at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:188) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:168) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564) at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:166) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:219) at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:126) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132) at org.eclipse.jetty.server.Server.handle(Server.java:530) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:347) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:256) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:279) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102) at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:124) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:247) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:140) at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:131) at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:382) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:708) at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:626) at java.lang.Thread.run(Unknown Source) Caused by: org.apache.velocity.exception.MethodInvocationException: Invocation of method 'save' in class com.xpn.xwiki.api.Document threw exception com.xpn.xwiki.XWikiException: Error number 9001 in 9: Access denied in edit mode on document xwiki:XPoll.WebHome at 20:/templates/saverights.vm[line 103, column 6] at org.apache.velocity.runtime.parser.node.ASTMethod.handleInvocationException(ASTMethod.java:243) at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:187) at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:280) at org.apache.velocity.runtime.parser.node.ASTReference.render(ASTReference.java:369) at org.apache.velocity.runtime.parser.node.ASTBlock.render(ASTBlock.java:72) at org.apache.velocity.runtime.parser.node.ASTIfStatement.render(ASTIfStatement.java:87) at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:342) at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluateInternal(DefaultVelocityEngine.java:259) at org.xwiki.velocity.internal.DefaultVelocityEngine.evaluate(DefaultVelocityEngine.java:222) ... 63 common frames omitted Caused by: com.xpn.xwiki.XWikiException: Error number 9001 in 9: Access denied in edit mode on document xwiki:XPoll.WebHome at com.xpn.xwiki.api.Document.save(Document.java:2448) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.doInvoke(UberspectImpl.java:395) at org.apache.velocity.util.introspection.UberspectImpl$VelMethodImpl.invoke(UberspectImpl.java:384) at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:173) ... 70 common frames omitted

[mflorea]

You can change the rights for the entire space because it updates only the WebPreferences page which is made editable in the pom.xml

<xwiki.extension.licensing.excludedDocuments>
  XPoll.WebPreferences
</xwiki.extension.licensing.excludedDocuments>

Setting the rights only for the home page doesn't work because the home page is protected by the licensing application. This issue is more generic. In fact you can't see rights on any page that is protected by the licensing application.

[acotiuga]

The fix proposed by @mflorea was done in 120d593. However it applies only to Rights: Page and Children and not to Rights: Page. Now, XWiki displays a nice message in that pop-up saying that the user doesn't have proper rights, which is OK (not seeing the velocity red error). Then, I wasn't able to find a valid use case for adding View rights to one user only to homepage and not also to children, because that would mean that is possible to see the livetable, but empty.
Unless we find a valid use case for adding view rights to a user only to application's homepage, I would say that there's nothing to fix in this issue.