Uploaded image for project: 'Bamboo Data Center'
  1. Bamboo Data Center
  2. BAM-17032

Deployment dashboard not accessible by admins that have limited access to certain deployment projects

    XMLWordPrintable

Details

    Description

      Summary

      When user without full access to all deployment projects try to access the deployment dashboard, they get the "Background page refresh cannot contact server. Please ensure Bamboo server is available." screen.

      Warnings can be seen from Bamboo logs when the error page is returned.

      2015-11-03 17:28:06,557 WARN [ajp-nio-127.0.0.105-8009-exec-10] [AuthorizationLoggerListener] Authorization failed: org.acegisecurity.AccessDeniedException: Authentication username has NO permissions to the domain object com.atlassian.bamboo.deployments.projects.DeploymentProjectImpl@1729d24; authenticated principal: org.acegisecurity.adapters.PrincipalAcegiUserToken@fa4521b: Username: username; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_USER, ROLE_RESTRICTEDADMIN; secure object: ReflectiveMethodInvocation: public abstract com.atlassian.bamboo.deployments.projects.DeploymentProject com.atlassian.bamboo.deployments.projects.service.DeploymentProjectService.getDeploymentProject(long); target is of class [com.atlassian.bamboo.deployments.projects.service.DeploymentProjectServiceImpl]; configuration attributes: [ROLE_USER, ROLE_ANONYMOUS, AFTER_ACL_READ]

      Steps to Reproduce

      • Create a deployment project.
      • Restrict permission to that deployment project to one single user.
      • Ensure the environments within the project have visibility set to all users.
      • Perform a deployment from that project
      • Log in as a different restricted admin user and go to Deploy > All Deployment Projects.

      Expected Results

      The deployment dashboard shows without any issues.

      Actual Results

      Error page "Background page refresh cannot contact server. Please ensure Bamboo server is available" is returned.

      Workarounds

      • For any restricted project, make sure the permissions on all environments in that project are a subset of the project's permissions.
      • Make all deployment projects visible to all users who need to see any deployment projects.
      • View projects one at a time rather than through the dashboard.

      Attachments

        Issue Links

          derived from

          Bug - A problem which impairs or prevents the functions of the product. BAM-16628 Deployment dashboard broken for users who cannot see all deployment projects

          • Medium - Medium priority issues
          • Closed
          is a regression of

          Bug - A problem which impairs or prevents the functions of the product. BAM-16628 Deployment dashboard broken for users who cannot see all deployment projects

          • Medium - Medium priority issues
          • Closed
          is related to

          Bug - A problem which impairs or prevents the functions of the product. BAM-17807 Restricted admin have no access to deployment projects that have no project permission granted

          • Low - Low priority issues
          • Closed

          BDEV-10744 Loading...

          Activity

            People

              Unassigned Unassigned
              vchin Vincent Chin (Inactive)
              Votes:
              5 Vote for this issue
              Watchers:
              15 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: