-
Type:
Service Pack Request
-
Status: Need Info
-
Resolution: Unresolved
-
Affects Version/s: 5.2.6, Search Services 1.3.0.6
-
Fix Version/s: None
-
Component/s: ACS REST API, Search and Indexing (non-UI)
-
Labels:
-
Bug Priority:
Category 2
-
ACT Numbers:
00999859
-
Story Points:8
-
Prioritization Score:2.525
Using the REST API it is possible to add a Group with unsupported characters in it's id field. This causes two issues:
- ASMS 1.3.0.6 continually fails on ACL tracking with stack traces reported in the logs
- Viewing/ modifying the group from Share is no possible
It is not possible to introduce unsupported characters to Group ID's via Share as there is a validation check on the input.
It is not possible to reproduce with the bundle Solr 4.
Steps to reproduce
- Install 5.2.6 OOTB
- Install Search Service 1.3.0.6 and configure this to track the repository
- Create a group with invalid character in it's ID using the REST API
- Add permissions to nodes for this group
- Index nodes using Search Service
The following sequence of requests will create a problematic group id "GROUP_site_swsdp_mysitic_group_1\r\n".
The next step then add this group to the permissions of the OOTB sample site's Budget Files folder:
# Create Group curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d ' { "id": "GROUP_site_swsdp_mystic_group_1\r\n", "displayName": "site_swsdp_mystic_group_1", "parentIds": [ "GROUP_site_swsdp_SiteCollaborator" ] }' 'https://admin:admin@localhost:8080/alfresco/api/-default-/public/alfresco/versions/1/groups' # Set Permission on swsdp Budget Files folder (from OOTB site) curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d ' { "permissions": [ { "authority":"GROUP_site_swsdp_mystic_group_1\r\n", "role":"SiteCollaborator" } ] ,"isInherited":false }' 'https://admin:admin@localhost:8080/alfresco/s/slingshot/doclib/permissions/workspace/SpacesStore/8ab12916-4897-47fb-94eb-1ab699822ecb'
Expected Behaviour
The REST API should not allow invalid characters to be set on the Group id (as is the case when creating groups using share.
Or, the ACL tracker should behave similar to the bundle Solr4.
Observed Behaviour
In Share
if you try and open the properties of the Group (Admin Tools -> Users and Groups -> Groups -> Edit Group), an error is shown:
Failed to retrieve group details for group 'site_swsdp_mystic_group_1 <br /> '.
You cannot add or remove members to the group, and you cannot access the current member list.
In Alfresco Search Service:
ACL may not be indexed correctly.
The solr log for Search Service will continually log the following stack trace:
2019-11-21 07:52:45.941 WARN (SolrTrackingPool-archive-AclTracker-1) [ ] o.a.s.t.AbstractWorkerRunnable Index tracking batch hit an unrecoverable error org.json.JSONException: Unterminated string at 17117 [character 48 line 934] at org.json.JSONTokener.syntaxError(JSONTokener.java:433) at org.json.JSONTokener.nextString(JSONTokener.java:261) at org.json.JSONTokener.nextValue(JSONTokener.java:361) at org.json.JSONArray.<init>(JSONArray.java:116) at org.json.JSONTokener.nextValue(JSONTokener.java:367) at org.json.JSONObject.<init>(JSONObject.java:215) at org.json.JSONTokener.nextValue(JSONTokener.java:364) at org.json.JSONArray.<init>(JSONArray.java:116) at org.json.JSONTokener.nextValue(JSONTokener.java:367) at org.json.JSONObject.<init>(JSONObject.java:215) at org.alfresco.solr.client.SOLRAPIClient.getAclReaders(SOLRAPIClient.java:331) at org.alfresco.solr.tracker.AclTracker$AclIndexWorkerRunnable.doWork(AclTracker.java:847) at org.alfresco.solr.tracker.AbstractWorkerRunnable.run(AbstractWorkerRunnable.java:45) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.lang.Thread.run(Thread.java:834)
- is related to by
-
MNT-21647
REST API allows file names containing carriage returns to be created
- Open