Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-10686

Some space permissions lost after upgrade to 2.7.1

    XMLWordPrintable

Details

    Description

      The upgrade task ConsolidatePermissionsUpgradeTask may remove some space permissions during upgrade which cause users to lose some or all of their space permissions when using a case sensitive database.

      Symptoms

      • Affected users appear in the logs for the ConsolidatePermissionsUpgradeTask as having duplicate permissions removed from a space
        Example log messages
        [atlassian.confluence.upgrade.ConsolidatePermissionsUpgradeTask] doUpgrade Consolidating SpacePermissions for Space Example Space (key=Example Space).
[atlassian.confluence.upgrade.ConsolidatePermissionsUpgradeTask] removeDuplicateSpacePermissions Duplicate SpacePermission [REMOVEBLOG,0,null,Joe User] removed.
[atlassian.confluence.upgrade.ConsolidatePermissionsUpgradeTask] removeDuplicateSpacePermissions Duplicate SpacePermission [CREATEATTACHMENT,0,null,Joe User] removed.
...
      • Users no longer have their assigned permissions in the spaces
      • In the space permissions, rows for "Unknown User" appear. The permissions for this user cannot be removed

      At present this has been reported as affecting personal spaces exclusively, but it might be possible for this to affect other spaces.

      Cause

      It appears that the upgrade task may remove space permission records which are used by the HibernateSpacePermissionDao to correctly associate permissions to users. This occurs because the upgrade task is designed to consolidate permissions assigned to users which only vary by the case of the user name. Unfortunately the permission dao performs a case sensitive lookup against permissions and it is possible that the lookup will no longer match the correct records. The upgrade task is not particular with which record it deletes when consolidating the permissions.

      Resolution

      The attached class should allow the space permission lookup to find the permissions by performing a case insensitive lookup against the space permission table. We may need to look at a different approach to mitigating this problem in a future release of Confluence (e.g. a fix to the upgrade task perhaps)

      To install this patch, shut down Confluence, make the necessary directories and copy the class to confluence_installation/WEB-INF/classes/com/atlassian/confluence/security/persistence/dao/hibernate/HibernateSpacePermissionDao.class

      Permissioning should work correctly once Confluence is restarted.

      Attachments

        Issue Links

          is caused by

          Bug - A problem which impairs or prevents the functions of the product. CONFSERVER-9469 Upper case letters in user names don't work with space permissions

          • Medium - Medium priority issues
          • Closed
          is related to

          Suggestion - CONFSERVER-14736 Update Usernames in Labels table to match LDAP users with different case

          • Closed

          Activity

            People

              christopher.owen@atlassian.com Christopher Owen [Atlassian]
              christopher.owen@atlassian.com Christopher Owen [Atlassian]
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: