  1. Alfresco
  2. ALF-22031

REST API calls silently roll back after returning a success status

    Details

    • Type: Bug
    • Status: New
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: 5.2
    • Fix Version/s: None
    • Component/s: REST API
    • Security Level: external (External user)
    • Labels:
    • Triage: MNT

      Description

      Reproduction scenario:

      • Create a user "userX" in Alfresco.
      • Log in as "userX".
      • Create a document in Alfresco, and grab its noderef.
      • Log in to Alfresco as admin and delete "userX" (note that users can be deleted either manually by a system admin or by a user sync).
      • Using the admin account (or any account with at least contributor access to the previously created noderef), use the REST API explorer (or any REST client) to get the node details using the noderef noted earlier. This should work without issues.
      • Using the admin account (or any account with at least contributor access to the previously created noderef), use the REST API explorer (or any REST client) to lock the node using the noderef noted earlier (actually, any update call whose response content could contain a decorated username property referencing the deleted user will do). You should get a success message, and the response content should show that the document is locked.
      • Using the admin account (or any account with at least contributor access to the previously created noderef), use the REST API explorer (or any REST client) to get the node details using the noderef noted earlier.

      Expected result:

      The node should be properly locked (it should have the right aspect and set of properties).

      Observed result:

      The node is not locked and the transaction was rolled back.

       

      Analysis:

      The logic for formatting OOTB username properties in the new REST API uses exceptions for its application control flow, and some exceptions (actually all exceptions that extend AlfrescoRuntimeException, even caught ones) are configured to be caught by Spring and mark the transaction as rollback-only.

      Note the snippet catching the NoSuchPersonException: https://github.com/Alfresco/alfresco-remote-api/blob/255c7e7e2a3a4f638f16e7a6e2c69ac1493f314f/src/main/java/org/alfresco/rest/api/model/Node.java#L172

      Note that NoSuchPersonException extends PersonException, which in turn extends AlfrescoRuntimeException.
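
The mechanism described in the analysis, reduced to a self-contained Java model. This is an added example, not Alfresco or Spring code: every class and method name in it is hypothetical, and the existence check in `displayNameByCheck` is an assumed alternative, not a fix taken from this issue.

```java
import java.util.*;
import java.util.function.Supplier;

// Constructed model of the failure mode; hypothetical names, no Alfresco or Spring classes.
public class RollbackOnlyDemo {
    static class NoSuchPerson extends RuntimeException {}
    static class Tx { boolean rollbackOnly; }   // stand-in for the thread-bound transaction

    static final Set<String> people = new HashSet<>(List.of("admin")); // "userX" was deleted
    static final Map<String, String> committed = new HashMap<>();      // state visible after commit

    // Stand-in for the transactional proxy around a service method: any
    // runtime exception crossing this boundary marks the transaction
    // rollback-only, whether or not the caller catches it afterwards.
    static <T> T viaProxy(Tx tx, Supplier<T> call) {
        try { return call.get(); }
        catch (RuntimeException e) { tx.rollbackOnly = true; throw e; }
    }

    static String getPerson(String user) {
        if (!people.contains(user)) throw new NoSuchPerson();
        return user;
    }

    // Pattern from the analysis: the exception is used as control flow.
    static String displayNameByException(Tx tx, String user) {
        try { return viaProxy(tx, () -> getPerson(user)); }
        catch (NoSuchPerson e) { return user; }  // caught, but tx is already rollback-only
    }

    // Assumed alternative: test for existence first so nothing is thrown.
    static String displayNameByCheck(Tx tx, String user) {
        return viaProxy(tx, () -> people.contains(user)) ? viaProxy(tx, () -> getPerson(user)) : user;
    }

    // Lock a node, build the response (decorating the creator), then try to commit.
    static String lock(String node, String creator, boolean useCheck) {
        Tx tx = new Tx();
        Map<String, String> pending = new HashMap<>(Map.of(node, "LOCKED"));
        String by = useCheck ? displayNameByCheck(tx, creator) : displayNameByException(tx, creator);
        if (!tx.rollbackOnly) committed.putAll(pending);  // otherwise the write is silently dropped
        return "200 OK locked, createdBy=" + by;
    }

    public static void main(String[] args) {
        System.out.println(lock("node-1", "userX", false) + " -> stored: " + committed.get("node-1"));
        System.out.println(lock("node-2", "userX", true) + " -> stored: " + committed.get("node-2"));
    }
}
```

Both calls return the same success response, but only the second leaves the lock in the committed state, which is why the third GET in the reproduction steps is the check that exposes the rollback.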

              People

              • Assignee: repositoryteam Repository Team
              • Reporter: yreg Younes REGAIEG
              • Votes: 1
              • Watchers: 2
