  1. Alfresco
  2. ALF-21070

Permissions check for inherited groups broken in tenants

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Not a bug
    • Affects Version/s: 4.1 Enterprise, 4.2 Enterprise
    • Fix Version/s: None
    • Security Level: external (External user)
    • Labels:
      None

      Description

      In a non-default tenant, a user included in a child group is unable to access documents with access rights given to a parent group.

      The problem is in AuthorityBridgeTableAsynchronouslyRefreshedCache, introduced in 4.1.3. It refreshes asynchronously from a thread pool, where the current tenant is unknown. buildCache() receives tenantId as a parameter and passes it into the transaction, but in doBuildCache() the tenantId parameter is not used. Instead, AbstractAuthorityBridgeDAO.getAuthorityBridgeLinks() uses the tenant service to get the tenant-specific store ID - it is useless, we are in the pooled thread...

      The result is that AuthorityDAO does not have proper ancestor links for tenants, and is unable to trace rights inheritance.
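
      The failure mode the report describes, as an added example (not part of the original report and not Alfresco code): a thread-local tenant context is not visible on a pooled worker thread, so a cache builder that receives tenantId but never applies it reads the default tenant's group links. All class, method and group names below are hypothetical, and the link data is constructed.

```java
import java.util.*;
import java.util.concurrent.*;

// Hypothetical model, not Alfresco code: every name here is constructed for illustration.
public class TenantCacheDemo {
    // Tenant of the calling thread ("" = default tenant); pool workers never inherit it.
    static final ThreadLocal<String> CURRENT_TENANT = ThreadLocal.withInitial(() -> "");

    // Constructed sample data: per-tenant child -> parent group links.
    static final Map<String, Map<String, String>> LINKS =
        Map.of("acme", Map.of("GROUP_child", "GROUP_parent"));

    // Stands in for a DAO that picks the store from the thread's tenant context.
    static Map<String, String> linksForCurrentTenant() {
        return LINKS.getOrDefault(CURRENT_TENANT.get(), Map.of());
    }

    // Pattern from the report: tenantId is received but never applied.
    static Map<String, String> buildIgnoringTenant(String tenantId) {
        return linksForCurrentTenant();
    }

    // Corrected pattern: apply tenantId on the worker thread, then restore it.
    static Map<String, String> buildWithTenant(String tenantId) {
        String previous = CURRENT_TENANT.get();
        CURRENT_TENANT.set(tenantId);
        try {
            return linksForCurrentTenant();
        } finally {
            CURRENT_TENANT.set(previous); // do not leak the tenant to the next pooled task
        }
    }

    public static void main(String[] args) throws Exception {
        ExecutorService pool = Executors.newSingleThreadExecutor();
        try {
            CURRENT_TENANT.set("acme");             // request thread runs inside tenant "acme"
            String tenantId = CURRENT_TENANT.get(); // captured before the hand-off
            Map<String, String> broken = pool.submit(() -> buildIgnoringTenant(tenantId)).get();
            Map<String, String> fixed = pool.submit(() -> buildWithTenant(tenantId)).get();
            System.out.println("ignoring tenantId: " + broken);
            System.out.println("applying tenantId: " + fixed);
        } finally {
            pool.shutdown();
        }
    }
}
```

      When the ancestor links come back empty, a membership check for the parent group fails for every child-group member in that tenant, which matches the access denial described in the report.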

            People

            • Assignee:
              closedissues Closed Issues
              Reporter:
              valery.antonov Valery Antonov