-
Type:
Bug
-
Status: Resolved
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: 2023.1.5
-
Component/s: Connect / Account Management
An org admin is unable to add groups to a user at https://connect.nuxeo.com/nuxeo/site/connect/account/ORG_ID_HERE#users.
The thing when an org admin tries to add a user to a group at https://connect.nuxeo.com/nuxeo/site/connect/account/ORH_ID_HERE#groups.
How to reproduce:
- log in as the org admin of an organization
- go to Users tab
- select a user
- click the Manage Groups button
- in the popup window, assign a group to the user
- click the Confirm button
Expected result: the popup window closes and the group is assigned to the user
Actual result: the popup window does not close and the group is not assigned to the user
The nos/graphql request gets a HTTP 200 response but it contains an error message with a stacktrace:
{
"errors": [
{
"message": "Exception while fetching data (/updateUserRelations) : User ORG_ADMIN_USERNAME_HERE does not have Write permission",
"path": [
"updateUserRelations"
],
"exception": {
"cause": null,
"stackTrace": [
{
"classLoaderName": null,
"moduleName": null,
"moduleVersion": null,
"methodName": "checkPermission",
"fileName": "BaseSession.java",
"lineNumber": 155,
"className": "org.nuxeo.ecm.directory.BaseSession",
"nativeMethod": false
},
{
"classLoaderName": null,
"moduleName": null,
"moduleVersion": null,
"methodName": "updateEntry",
"fileName": "BaseSession.java",
"lineNumber": 445,
"className": "org.nuxeo.ecm.directory.BaseSession",
"nativeMethod": false
},
{
"classLoaderName": null,
"moduleName": null,
"moduleVersion": null,
"methodName": "updateGroup",
"fileName": "UserManagerImpl.java",
"lineNumber": 1446,
"className": "org.nuxeo.ecm.platform.usermanager.UserManagerImpl",
"nativeMethod": false
},
{
"classLoaderName": null,
"moduleName": null,
"moduleVersion": null,
"methodName": "updateGroup",
"fileName": "UserManagerWithComputedGroups.java",
"lineNumber": 251,
"className": "org.nuxeo.ecm.platform.computedgroups.UserManagerWithComputedGroups",
"nativeMethod": false
},
{
"classLoaderName": null,
"moduleName": null,
"moduleVersion": null,
"methodName": "updateGroup",
"fileName": "UserManagerImpl.java",
"lineNumber": 1030,
"className": "org.nuxeo.ecm.platform.usermanager.UserManagerImpl",
"nativeMethod": false
},
{
"classLoaderName": null,
"moduleName": null,
"moduleVersion": null,
"methodName": "updateGroupMembers",
"fileName": "ConnectGroupsServiceImpl.java",
"lineNumber": 540,
"className": "com.nuxeo.connect.security.ConnectGroupsServiceImpl",
"nativeMethod": false
},
{
"classLoaderName": null,
"moduleName": null,
"moduleVersion": null,
"methodName": "updateMembersForCustomGroup",
"fileName": "ConnectGroupsServiceImpl.java",
"lineNumber": 380,
"className": "com.nuxeo.connect.security.ConnectGroupsServiceImpl",
"nativeMethod": false
},
{
"classLoaderName": null,
"moduleName": null,
"moduleVersion": null,
"methodName": "updateUserGroupsRelations",
"fileName": "MutationUpdateUserRelations.java",
"lineNumber": 119,
"className": "com.nuxeo.connect.rest.service.datafetcher.user.MutationUpdateUserRelations",
"nativeMethod": false
},
{
"classLoaderName": null,
"moduleName": null,
"moduleVersion": null,
"methodName": "get",
"fileName": "MutationUpdateUserRelations.java",
"lineNumber": 81,
"className": "com.nuxeo.connect.rest.service.datafetcher.user.MutationUpdateUserRelations",
"nativeMethod": false
},
{
"classLoaderName": null,
"moduleName": null,
"moduleVersion": null,
"methodName": "get",
"fileName": "MutationUpdateUserRelations.java",
"lineNumber": 35,
"className": "com.nuxeo.connect.rest.service.datafetcher.user.MutationUpdateUserRelations",
"nativeMethod": false
},
...
{
"classLoaderName": null,
"moduleName": "java.base",
"moduleVersion": "11.0.14.1",
"methodName": "run",
"fileName": "Thread.java",
"lineNumber": 829,
"className": "java.lang.Thread",
"nativeMethod": false
}
],
"infos": [],
"statusCode": 500,
"originalMessage": "User ORG_ADMIN_USERNAME_HERE does not have Write permission",
"message": "User ORG_ADMIN_USERNAME_HERE does not have Write permission",
"suppressed": [],
"localizedMessage": "User ORG_ADMIN_USERNAME_HERE does not have Write permission"
},
"locations": [
{
"line": 2,
"column": 3,
"sourceName": null
}
],
"extensions": null,
"errorType": "DataFetchingException"
}
],
"data": {
"updateUserRelations": null
},
"extensions": null,
"dataPresent": true
}