-
Type:
Service Pack Request
-
Status: Closed
-
Resolution: Won't Do
-
Affects Version/s: 5.2.4
-
Fix Version/s: None
-
Component/s: ACS REST API
-
Labels:
-
Environment:RHEL, Tomcat, Postgres
-
Bug Priority:
Category 3
-
ACT Numbers:
00962911
-
Premier Customer:Yes
-
Regression Since:
-
Prioritization Score:3.55
Description:
If a user don't have appropriate permission to a node and tries to hit document detail's page a 500 error gets reported in the access logs. This should throw a 403 error as described in JIRA:
https://issues.alfresco.com/jira/browse/MNT-10156
Steps to reproduce:
- Log in as User1
- Create a Private site.
- Upload a document.
- Go to document details and copy Download link, e.g. http://localhost:8080/share/page/document-details?nodeRef=workspace://SpacesStore/70a64064-49b0-46cb-99bf-52b88a6b078d
- Log in as User2.
- Insert the link in url.
Expected Beaviour:
Access logs should show a 403 Error.
Observed Behaviour:
If you check the access logs a 500 Error gets reported
Environment Reproduction:
Alfresco 5.2.4, Tomcat, Postgres
Analysis to date:
Looking through Jira this was fixed in version 4.1.10. Testing this version does show a 410 Error being showed in the access logs. Please take a look at the file attached "results in access logs.txt. This file shows the difference in response code between version 4.1.10 and 5.2.4.