Issue #338 invalid

User permissions are not updated even after relogin

Andrey Kozhyn
created an issue

Steps to reproduce:

  1. Create a new user in the scm admin panel

  2. Login as the user in a different browser

  3. Set Administrator flag for the user

  4. Logout and login as the created user

  5. You can see menu items in the left panel, but when you navigate to Users an error message is shown.

Comments (8)

  1. Sebastian Sdorra repo owner
    • changed status to open

    I could not reproduce this issue. Do you use the default user for this example or do you use an external authentication mechanism (pam, ldap, ad ...)? Could you post the trace log of these steps?

  2. Andrey Kozhyn reporter

    I have configured ldap authentication, but this issue is reproduced for both xml and ldap users. Here is the trace log:

    08:50:31.459 [qtp470120990-19] DEBUG sonia.scm.security.ScmRealm - user test of type xml is marked as admin by local database
    08:50:31.459 [qtp470120990-19] DEBUG sonia.scm.security.ScmRealm - user test is not a member of a group
    08:50:31.848 [qtp470120990-26] TRACE sonia.scm.web.filter.BasicAuthenticationFilter - user is allready authenticated
    08:50:31.864 [qtp470120990-26] TRACE sonia.scm.security.ScmRealm - retrieve AuthorizationInfo for user test from cache
    08:50:31.864 [qtp470120990-26] TRACE sonia.scm.security.ScmRealm - retrieve AuthorizationInfo for user test from cache
    08:50:31.864 [qtp470120990-26] TRACE sonia.scm.security.ScmRealm - retrieve AuthorizationInfo for user test from cache
    08:50:31.864 [qtp470120990-26] TRACE sonia.scm.security.ScmRealm - retrieve AuthorizationInfo for user test from cache
    08:50:31.864 [qtp470120990-26] TRACE sonia.scm.security.ScmRealm - retrieve AuthorizationInfo for user test from cache
    08:50:31.864 [qtp470120990-26] TRACE sonia.scm.security.ScmRealm - retrieve AuthorizationInfo for user test from cache
    08:50:31.864 [qtp470120990-26] TRACE sonia.scm.security.ScmRealm - retrieve AuthorizationInfo for user test from cache
    08:50:31.864 [qtp470120990-26] TRACE sonia.scm.security.ScmRealm - retrieve AuthorizationInfo for user test from cache
    08:50:31.864 [qtp470120990-26] TRACE sonia.scm.security.ScmRealm - retrieve AuthorizationInfo for user test from cache
    08:50:31.864 [qtp470120990-26] TRACE sonia.scm.api.rest.resources.RepositoryResource - remove properties and permissions from repository, because the user is not privileged
    08:50:31.864 [qtp470120990-26] TRACE sonia.scm.security.ScmRealm - retrieve AuthorizationInfo for user test from cache
    08:50:31.864 [qtp470120990-26] TRACE sonia.scm.api.rest.resources.RepositoryResource - remove properties and permissions from repository, because the user is not privileged
    08:50:31.864 [qtp470120990-26] TRACE sonia.scm.security.ScmRealm - retrieve AuthorizationInfo for user test from cache
    08:50:31.864 [qtp470120990-26] TRACE sonia.scm.api.rest.resources.RepositoryResource - remove properties and permissions from repository, because the user is not privileged
    08:50:31.864 [qtp470120990-26] TRACE sonia.scm.security.ScmRealm - retrieve AuthorizationInfo for user test from cache
    08:50:31.864 [qtp470120990-26] TRACE sonia.scm.api.rest.resources.RepositoryResource - remove properties and permissions from repository, because the user is not privileged
    08:50:31.864 [qtp470120990-26] TRACE sonia.scm.security.ScmRealm - retrieve AuthorizationInfo for user test from cache
    08:50:31.864 [qtp470120990-26] TRACE sonia.scm.api.rest.resources.RepositoryResource - remove properties and permissions from repository, because the user is not privileged
    08:50:31.864 [qtp470120990-26] TRACE sonia.scm.security.ScmRealm - retrieve AuthorizationInfo for user test from cache
    08:50:31.864 [qtp470120990-26] TRACE sonia.scm.api.rest.resources.RepositoryResource - remove properties and permissions from repository, because the user is not privileged
    08:50:31.864 [qtp470120990-26] TRACE sonia.scm.security.ScmRealm - retrieve AuthorizationInfo for user test from cache
    08:50:31.864 [qtp470120990-26] TRACE sonia.scm.api.rest.resources.RepositoryResource - remove properties and permissions from repository, because the user is not privileged
    08:50:31.864 [qtp470120990-26] TRACE sonia.scm.security.ScmRealm - retrieve AuthorizationInfo for user test from cache
    08:50:31.864 [qtp470120990-26] TRACE sonia.scm.api.rest.resources.RepositoryResource - remove properties and permissions from repository, because the user is not privileged
    08:50:33.747 [qtp470120990-19] TRACE sonia.scm.web.filter.BasicAuthenticationFilter - user is allready authenticated
    08:50:33.762 [qtp470120990-19] TRACE sonia.scm.security.ScmRealm - retrieve AuthorizationInfo for user test from cache
    
  3. Sebastian Sdorra repo owner

    I'm not sure if I understand your steps. I will try to describe the steps which I have done:

    1. Chrome: Login as scmadmin and create user tuser
    2. Firefox: Login as tuser
    3. Chrome: Set admin flag for user tuser
    4. Firefox: Logout and relogin as tuser
    5. Firefox: Open users tab

    Are these steps correct? Do you have anonymous access configured? Do you have a reverse proxy such as Apache or Nginx?
