Details
-
Bug
-
Resolution: Fixed
-
Medium
-
2.9, 2.9.1
-
None
Description
Steps to reproduce:
- Attach a file to PageA in SpaceA
- For SpaceA, grant userA with "View" and "Create Page" permissions only. User should be able to see edit attachment link (
CONF-11453) - Login as userA
- Edit attachment of PageA in SpaceA
- Specify a page to move the attachment to
- Click OK
The following stack trace will be prompted:
java.lang.NullPointerException
at com.atlassian.confluence.pages.actions.MoveAttachmentAction.validate(MoveAttachmentAction.java:175)
at com.opensymphony.xwork.interceptor.DefaultWorkflowInterceptor.intercept(DefaultWorkflowInterceptor.java:44)
at com.atlassian.confluence.core.ConfluenceWorkflowInterceptor.intercept(ConfluenceWorkflowInterceptor.java:35)
at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
at com.opensymphony.xwork.interceptor.AroundInterceptor.intercept(AroundInterceptor.java:35)
at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
at com.atlassian.confluence.security.interceptors.CaptchaInterceptor.intercept(CaptchaInterceptor.java:46)
at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
at com.opensymphony.xwork.interceptor.AroundInterceptor.intercept(AroundInterceptor.java:35)
at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
at com.atlassian.confluence.util.LoggingContextInterceptor.intercept(LoggingContextInterceptor.java:48)
at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
at com.atlassian.confluence.core.CancellingInterceptor.intercept(CancellingInterceptor.java:23)
at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
at com.atlassian.confluence.security.actions.PermissionCheckInterceptor.intercept(PermissionCheckInterceptor.java:54)
at com.opensymphony.xwork.DefaultActionInvocation.invoke(DefaultActionInvocation.java:165)
...
A more friendly message should be prompted, as it was in Confluence prior to version 2.9 (see screenshot [^move_in_281]):
You do not have permission to move this attachment to the space spaceA.
Although Confluence behaves as expected (by disallowing user to move attachment), the stack trace could cause some confusion
Attachments
Issue Links
- is related to
-
CONFSERVER-13490 Attachments can be moved to a page which the user cannot access
- Closed