  1. eZ Publish / Platform
  2. EZP-22775

[API] Permissions should handle missing limitations better


    Details

    • Sprint:
      Castor Core S1, Castor Core S2

      Description

      Steps to reproduce the issue:
      • make sure http cache is enabled ( "SetEnv USE_HTTP_CACHE 1" on virtualhost config )
      • create an obj state group, with at least a couple of states
      • create a role
      • give it a policy of state/assign, with a limitation on the new state
      • assign that role to admin
      • go to backoffice
      Result:

      An exception will be thrown:

      NotFoundException: Could not find 'Limitation' with identifier 'NewState'
      
      Notes:

      On the last step you'll get the exception because the permission system loads all roles; the problem is that the NewState policyLimitationType is not implemented and the admin user is loaded by the userhash generator. Funnily enough, things work if you assign the same role to another user and use it to log in.

      Proposed behavior change:

      • introduce optional logging for missing limitations
      • if not provided, throw like today; if provided, log instead and treat as "no access", so it basically continues to the next assignment and treats the "current one" as "saying no"
      • setup prod to log by default
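
      The proposed behavior, sketched as an added example that is not code from eZ Publish or from the reporter: with no logger the missing limitation still throws, with a logger it is logged and the assignment is treated as "no" while evaluation moves on to the next assignment. All function names, the array layout of assignments and policies, and the 'Section' check are hypothetical; PHP 7.4+ is assumed.

```php
<?php
// Added illustration: every name here is hypothetical, not the eZ Publish API.
class NotFoundException extends Exception {}

function getLimitationType(array $types, string $id): callable
{
    if (!isset($types[$id])) {
        throw new NotFoundException("Could not find 'Limitation' with identifier '$id'");
    }
    return $types[$id];
}

// $assignments: list of role assignments, each a list of policies.
// $logger: optional callable; null keeps the current behaviour (throw).
function canUser(array $assignments, array $types, string $module, string $function,
                 array $target, ?callable $logger = null): bool
{
    foreach ($assignments as $policies) {
        foreach ($policies as $policy) {
            if ([$policy['module'], $policy['function']] !== [$module, $function]) {
                continue;
            }
            try {
                foreach ($policy['limitations'] as $id => $values) {
                    if (!getLimitationType($types, $id)($values, $target)) {
                        continue 2; // limitation not satisfied, try next policy
                    }
                }
            } catch (NotFoundException $e) {
                if ($logger === null) {
                    throw $e;
                }
                $logger($e->getMessage());
                continue 2; // fail closed: this assignment says "no"
            }
            return true; // all limitations implemented and satisfied
        }
    }
    return false;
}

// Constructed sample: 'NewState' has no implementation, 'Section' does.
$types = ['Section' => fn(array $allowed, array $t) => in_array($t['section'], $allowed, true)];
$assignments = [
    [['module' => 'state', 'function' => 'assign', 'limitations' => ['NewState' => [2]]]],
    [['module' => 'state', 'function' => 'assign', 'limitations' => ['Section' => [1]]]],
];
$log = [];
var_dump(canUser($assignments, $types, 'state', 'assign', ['section' => 1],
    function (string $m) use (&$log) { $log[] = $m; }));
```

      The point to preserve in any real implementation is that a policy whose limitation cannot be evaluated never grants access; skipping the unknown limitation and evaluating the rest of the policy would widen the grant instead.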


              People

              • Assignee:
                Unassigned
                Reporter:
                gaetano.giunta@ez.no Gaetano Giunta (Inactive)
              • Votes:
                0
                Watchers:
                7


                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  Logged:
                  Time Spent - 1 day, 4 hours, 30 minutes