eZ Publish / Platform / EZP-24753

Only possible to login to platformUI with an Admin user

    Details

      Description

      When logging in to platformUI with a user that is not Admin, the login fails.
      The problem seems to be it tries to read the user without permission.
      It returns HTTP status 401 Unauthorized.
      Response error:

      {"ErrorMessage":{"_media-type":"application\/vnd.ez.api.ErrorMessage+json","errorCode":401,"errorMessage"
      :"Unauthorized","errorDescription":"User does not have access to 'read' 'content'","trace":"#0 \/var
      \/www\/ezpublish-community\/vendor\/ezsystems\/ezpublish-kernel\/eZ\/Publish\/Core\/SignalSlot\/LocationService
      .php(103): eZ\\Publish\\Core\\Repository\\LocationService->loadLocation(147)\n#1 \/var\/www\/ezpublish-community
      \/ezpublish\/cache\/prod\/ezpublishProdProjectContainer.php(32706): eZ\\Publish\\Core\\SignalSlot\\LocationService-
      >loadLocation(147)\n#2 \/var\/www\/ezpublish-community\/vendor\/ezsystems\/ezpublish-kernel\/eZ\/Publish
      \/Core\/REST\/Server\/Controller\/User.php(182): eZPublishCoreRepositoryLocationService_00000000123be1d0000000001634504c0583ea4f72c4773167cf6ff1d36dd1fe-
      >loadLocation(147)\n#3 [internal function]: eZ\\Publish\\Core\\REST\\Server\\Controller\\User->loadUser
      ('439')\n#4 \/var\/www\/ezpublish-community\/ezpublish\/bootstrap.php.cache(3109): call_user_func_array
      (Array, Array)\n#5 \/var\/www\/ezpublish-community\/ezpublish\/bootstrap.php.cache(3071): Symfony\\Component
      \\HttpKernel\\HttpKernel->handleRaw(Object(Symfony\\Component\\HttpFoundation\\Request), 1)\n#6 \/var
      \/www\/ezpublish-community\/ezpublish\/bootstrap.php.cache(3222): Symfony\\Component\\HttpKernel\\HttpKernel-
      >handle(Object(Symfony\\Component\\HttpFoundation\\Request), 1, true)\n#7 \/var\/www\/ezpublish-community
      \/ezpublish\/bootstrap.php.cache(2444): Symfony\\Component\\HttpKernel\\DependencyInjection\\ContainerAwareHttpKernel-
      >handle(Object(Symfony\\Component\\HttpFoundation\\Request), 1, true)\n#8 \/var\/www\/ezpublish-community
      \/vendor\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpCache\/HttpCache.php(492): Symfony
      \\Component\\HttpKernel\\Kernel->handle(Object(Symfony\\Component\\HttpFoundation\\Request), 1, true
      )\n#9 \/var\/www\/ezpublish-community\/vendor\/symfony\/symfony\/src\/Symfony\/Bundle\/FrameworkBundle
      \/HttpCache\/HttpCache.php(60): Symfony\\Component\\HttpKernel\\HttpCache\\HttpCache->forward(Object
      (Symfony\\Component\\HttpFoundation\\Request), true, NULL)\n#10 \/var\/www\/ezpublish-community\/vendor
      \/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpCache\/HttpCache.php(449): Symfony\\Bundle
      \\FrameworkBundle\\HttpCache\\HttpCache->forward(Object(Symfony\\Component\\HttpFoundation\\Request)
      , true)\n#11 \/var\/www\/ezpublish-community\/vendor\/friendsofsymfony\/http-cache-bundle\/SymfonyCache
      \/EventDispatchingHttpCache.php(143): Symfony\\Component\\HttpKernel\\HttpCache\\HttpCache->fetch(Object
      (Symfony\\Component\\HttpFoundation\\Request), true)\n#12 \/var\/www\/ezpublish-community\/vendor\/symfony
      \/symfony\/src\/Symfony\/Component\/HttpKernel\/HttpCache\/HttpCache.php(349): FOS\\HttpCacheBundle\
      \SymfonyCache\\EventDispatchingHttpCache->fetch(Object(Symfony\\Component\\HttpFoundation\\Request),
       true)\n#13 \/var\/www\/ezpublish-community\/vendor\/symfony\/symfony\/src\/Symfony\/Component\/HttpKernel
      \/HttpCache\/HttpCache.php(213): Symfony\\Component\\HttpKernel\\HttpCache\\HttpCache->lookup(Object
      (Symfony\\Component\\HttpFoundation\\Request), true)\n#14 \/var\/www\/ezpublish-community\/vendor\/friendsofsymfony
      \/http-cache-bundle\/SymfonyCache\/EventDispatchingHttpCache.php(122): Symfony\\Component\\HttpKernel
      \\HttpCache\\HttpCache->handle(Object(Symfony\\Component\\HttpFoundation\\Request), 1, true)\n#15 \/var
      \/www\/ezpublish-community\/web\/index.php(66): FOS\\HttpCacheBundle\\SymfonyCache\\EventDispatchingHttpCache-
      >handle(Object(Symfony\\Component\\HttpFoundation\\Request))\n#16 {main}","file":"\/var\/www\/ezpublish-community
      \/vendor\/ezsystems\/ezpublish-kernel\/eZ\/Publish\/Core\/Repository\/LocationService.php","line":204
      }}
      

          Activity

          André Rømcke added a comment - - edited

          The REST controller is doing its own permission checking if I remember correctly (UserService does not, so should not be any sudo needed), so the fix is to make sure condition for content id equals current_user_id from session is taken into account in REST server.
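
The self-access condition described in the comment above, modeled as an added example in Python; it is not the eZ Publish kernel code and not the merged commit. `Session`, `normalize_id`, `can_read_user`, `load_user`, `is_denied` and the user table are hypothetical names and constructed data; the point shown is that the identity compared against comes only from the session, so a non-admin can load their own user object but nobody else's.

```python
from dataclasses import dataclass

class Unauthorized(Exception):
    """Surfaces as HTTP 401 in the REST layer, as in the response above."""

@dataclass(frozen=True)
class Session:
    user_id: int                        # fixed at login, never read from the request
    policies: frozenset = frozenset()   # e.g. {("content", "read")}

# Constructed sample data: user content id -> user record.
USERS = {14: {"login": "admin"}, 439: {"login": "editor"}, 440: {"login": "other"}}

def normalize_id(raw_id):
    """The route parameter arrives as a string ('439' in the trace); accept digits only."""
    text = str(raw_id)
    return int(text) if text.isascii() and text.isdigit() else None

def can_read_user(session, content_id):
    """Allow on a content/read policy, or when the target is the caller's own user."""
    if ("content", "read") in session.policies:
        return True
    # Self-access: compare with the session identity, not a client-supplied value.
    return content_id is not None and content_id == session.user_id

def load_user(session, raw_id):
    content_id = normalize_id(raw_id)
    if not can_read_user(session, content_id):
        raise Unauthorized("User does not have access to 'read' 'content'")
    if content_id not in USERS:
        raise LookupError("user not found")
    return USERS[content_id]

def is_denied(session, raw_id):
    """Helper for callers and tests: True when load_user refuses the request."""
    try:
        load_user(session, raw_id)
    except Unauthorized:
        return True
    return False
```
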

          André Rømcke added a comment -

          Merged: https://github.com/ezsystems/ezpublish-kernel/commit/711a9984f18debb689c2559e50997ae77c044564

          QA: For this please add BDD to cover login of non admin so we have coverage, instead of manual tests.

          Miguel das Neves Jacinto (Inactive) added a comment -

          PR for BDD: https://github.com/ezsystems/PlatformUIBundle/pull/335

            People

            • Assignee:
              Unassigned
              Reporter:
              Miguel das Neves Jacinto (Inactive)