[NXS-6825] Skip documents with permission error - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2022.6.0
Component/s: Security

Tags:
- SupCom
- nxnos
Backlog priority:
800
Story Points:
3

Description

When collecting all the projects for a given user, the process breaks if the user making the call does not have Read permission on one project with this stack trace

org.nuxeo.ecm.core.api.DocumentSecurityException: Privilege 'Read' is not granted to 'fbarmes'
	at org.nuxeo.ecm.core.api.AbstractSession.checkPermission(AbstractSession.java:243) ~[nuxeo-core-2021.19.10.jar:?]
	at org.nuxeo.ecm.core.api.AbstractSession.getDocument(AbstractSession.java:1000) ~[nuxeo-core-2021.19.10.jar:?]
	at com.nuxeo.studio.core.ProjectServiceImpl.documentModelToAdministrativeProperties(ProjectServiceImpl.java:745) ~[nuxeo-studio-core-2022.4.7-0-g0c827694.jar:?]
	at com.nuxeo.studio.core.ProjectServiceImpl.getProjectAdministrativeProperties(ProjectServiceImpl.java:695) ~[nuxeo-studio-core-2022.4.7-0-g0c827694.jar:?]
	at com.nuxeo.connect.rest.impl.UserRightResourceImpl.getOrgName(UserRightResourceImpl.java:75) ~[nuxeo-connect-rest-api-2022.4.7-0-g0c827694.jar:?]
	at com.nuxeo.connect.rest.impl.UserRightResourceImpl.lambda$groupByOrg$1(UserRightResourceImpl.java:66) ~[nuxeo-connect-rest-api-2022.4.7-0-g0c827694.jar:?]
	at java.util.stream.Collectors.lambda$groupingBy$53(Collectors.java:1127) ~[?:?]
	at java.util.stream.ReduceOps$3ReducingSink.accept(ReduceOps.java:169) ~[?:?]
	at java.util.HashMap$KeySpliterator.forEachRemaining(HashMap.java:1621) ~[?:?]
	at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484) ~[?:?]
	at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474) ~[?:?]
	at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913) ~[?:?]
	at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:?]
	at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:578) ~[?:?]
	at com.nuxeo.connect.rest.impl.UserRightResourceImpl.groupByOrg(UserRightResourceImpl.java:66) ~[nuxeo-connect-rest-api-2022.4.7-0-g0c827694.jar:?]
	at com.nuxeo.connect.rest.impl.UserRightResourceImpl.getRights(UserRightResourceImpl.java:52) ~[nuxeo-connect-rest-api-2022.4.7-0-g0c827694.jar:?]
	at jdk.internal.reflect.GeneratedMethodAccessor476.invoke(Unknown Source) ~[?:?]
	at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
	at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
	at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60) ~[jersey-server-1.19.4.jar:1.19.4]
	at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185) ~[jersey-server-1.19.4.jar:1.19.4]
	at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75) ~[jersey-server-1.19.4.jar:1.19.4]

As this implementation is new and some users/projects have not been fully migrated, it would be nice to skip the projects with a permission error and log a warn with the details (which users does not have which permission on which document) to fix the problem later.

Attachments

Activity

People

Assignee:

kshubham

Reporter:

Thierry Martins

Participants:

kshubham, Thierry Martins

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

2022-10-17 09:51

Updated:

2023-02-06 15:58

Resolved:

2023-02-06 15:58