-
Type:
Bug
-
Resolution: Fixed
-
Priority:
Low
-
Affects Version/s: 5.12.2, 5.12.3.1, 6.3.2, 6.6.2
-
Component/s: Deployments
-
5
-
Severity 3 - Minor
-
0
Summary
If a restricted admin does not have permission to a particular deployment project, he/she is unable to view the deployment project
Steps to Reproduce
- Create a user with restricted admin permission
- Create a deployment project
- Remove access permission for logged in users and anonymous
- Access the deployment project using restricted admin account
Expected Results
Restricted admins should be able to access the project similar to admins
Actual Results
Restricted admins gets hit with a Access denied page.
The following is thrown in the logs:
atlassian-bamboo.log
2016-08-11 14:57:16,793 WARN [http-nio-8085-exec-14] [AuthorizationLoggerListener] Authorization failed: org.acegisecurity.AccessDeniedException: Authentication user1 has NO permissions to the domain object com.atlassian.bamboo.deployments.projects.DeploymentProjectImpl@69819071; authenticated principal: org.acegisecurity.adapters.PrincipalAcegiUserToken@e906547f: Username: id:2 name:user1 fullName:Bamboo User 1 email:user1@bamboo.com created:2016-07-13 23:12:38.0; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_USER, ROLE_RESTRICTEDADMIN; secure object: ReflectiveMethodInvocation: public abstract com.atlassian.bamboo.deployments.projects.DeploymentProject com.atlassian.bamboo.deployments.projects.service.DeploymentProjectService.getDeploymentProject(long); target is of class [com.atlassian.bamboo.deployments.projects.service.DeploymentProjectServiceImpl]; configuration attributes: [ROLE_USER, ROLE_ANONYMOUS, AFTER_ACL_READ] 2016-08-11 14:57:16,794 INFO [http-nio-8085-exec-14] [ViewDeploymentProjects] Access denied to project:2228225
Notes
Viewing a build result that have related release will have the following error:
2018-09-12 18:18:57,646 WARN [http-nio-8085-exec-18] [AuthorizationLoggerListener] Authorization failed: org.acegisecurity.AccessDeniedException: Authentication admin has NO permissions to the domain object com.atlassian.bamboo.deployments.projects.DeploymentProjectImpl@6d796f43; authenticated principal: org.acegisecurity.adapters.PrincipalAcegiUserToken@b2fabcf4: Username: EmbeddedCrowdUser{name='admin', displayName='admin', directoryId=65537}; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_USER, ROLE_RESTRICTEDADMIN; secure object: ReflectiveMethodInvocation: public abstract com.atlassian.bamboo.deployments.projects.DeploymentProject com.atlassian.bamboo.deployments.projects.service.DeploymentProjectService.getDeploymentProject(long) throws org.acegisecurity.AccessDeniedException; target is of class [com.atlassian.bamboo.deployments.projects.service.DeploymentProjectServiceImpl]; configuration attributes: [ROLE_USER, ROLE_ANONYMOUS, AFTER_ACL_READ]
2018-09-12 18:18:57,655 WARN [http-nio-8085-exec-18] [AuthorizationLoggerListener] Authorization failed: org.acegisecurity.AccessDeniedException: Authentication admin has NO permissions to the domain object com.atlassian.bamboo.deployments.projects.DeploymentProjectImpl@749bc378; authenticated principal: org.acegisecurity.adapters.PrincipalAcegiUserToken@b2fabcf4: Username: EmbeddedCrowdUser{name='admin', displayName='admin', directoryId=65537}; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_USER, ROLE_RESTRICTEDADMIN; secure object: ReflectiveMethodInvocation: public abstract com.atlassian.bamboo.deployments.projects.DeploymentProject com.atlassian.bamboo.deployments.projects.service.DeploymentProjectService.getDeploymentProject(long) throws org.acegisecurity.AccessDeniedException; target is of class [com.atlassian.bamboo.deployments.projects.service.DeploymentProjectServiceImpl]; configuration attributes: [ROLE_USER, ROLE_ANONYMOUS, AFTER_ACL_READ]
2018-09-12 18:18:57,662 ERROR [http-nio-8085-exec-18] [runtime] Error executing FreeMarker template
FreeMarker template error:
An error has occurred when reading existing sub-variable "manualVariables"; see cause exception! The type of the containing value was: extended_hash+string (com.atlassian.bamboo.ww2.actions.chains.ViewChainResult wrapped into f.e.b.StringModel)
----
FTL stack trace ("~" means nesting-related):
- Failed at: #macro displayManualVariables result ... [in template "lib/components.ftl" in macro "displayManualVariables" at line 892, column 1]
- Reached through: @cp.displayManualVariables action.res... [in template "URLTemplate" at line 1, column 1]
----
Java stack trace (for programmers):
----
freemarker.core._TemplateModelException: [... Exception message was already printed; see it above ...]
...
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.GeneratedMethodAccessor1397.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at freemarker.ext.beans.BeansWrapper.invokeMethod(BeansWrapper.java:1459)
at freemarker.ext.beans.BeanModel.invokeThroughDescriptor(BeanModel.java:236)
at freemarker.ext.beans.BeanModel.get(BeanModel.java:154)
... 322 more
Caused by: org.hibernate.LazyInitializationException: failed to lazily initialize a collection of role: com.atlassian.bamboo.resultsummary.AbstractResultsSummary.variableContextLogs, could not initialize proxy - no Session
...
2018-09-12 18:18:57,681 ERROR [http-nio-8085-exec-18] [runtime] Error executing FreeMarker template
FreeMarker template error:
Java method "com.atlassian.bamboo.jira.jiraissues.JiraIssueUtils.getRenderedString(String, com.atlassian.bamboo.resultsummary.ImmutableResultsSummary)" threw an exception when invoked on com.atlassian.bamboo.jira.jiraissues.JiraIssueUtils object "com.atlassian.bamboo.jira.jiraissues.JiraIssueUtils@21f9c30"; see cause exception in the Java stack trace.
----
FTL stack trace ("~" means nesting-related):
- Failed at: ${jiraIssueUtils.getRenderedString(ht... [in template "freemarker-lib/ui.ftl" in macro "renderValidJiraIssues" at line 424, column 5]
- Reached through: @ui.renderValidJiraIssues commit.comm... [in template "templates/plugins/webRepository/commonCommitSummaryView.ftl" in macro "displayCommitSummary" at line 53, column 25]
- Reached through: @commitSummaryView.displayCommitSumma... [in template "lib/resultSummary.ftl" in macro "showChanges" at line 449, column 21]
- Reached through: @ps.showChanges buildResultsSummary=a... [in template "URLTemplate" at line 4, column 1]
----
Java stack trace (for programmers):
----
freemarker.core._TemplateModelException: [... Exception message was already printed; see it above ...]
...
Caused by: org.hibernate.LazyInitializationException: failed to lazily initialize a collection of role: com.atlassian.bamboo.resultsummary.AbstractResultsSummary.jiraIssues, could not initialize proxy - no Session
...
2018-09-12 18:18:57,699 ERROR [http-nio-8085-exec-18] [runtime] Error executing FreeMarker template
FreeMarker template error:
Java method "com.atlassian.bamboo.ww2.actions.chains.ViewChainResult.hasSharedArtifacts(com.atlassian.bamboo.chains.ChainResultsSummary)" threw an exception when invoked on com.atlassian.bamboo.ww2.actions.chains.ViewChainResult object "com.atlassian.bamboo.ww2.actions.chains.ViewChainResult@19c418a2"; see cause exception in the Java stack trace.
----
FTL stack trace ("~" means nesting-related):
- Failed at: #assign sharedArtifactsFound = action... [in template "URLTemplate" at line 4, column 1]
----
Java stack trace (for programmers):
----
freemarker.core._TemplateModelException: [... Exception message was already printed; see it above ...]
...
Caused by: org.hibernate.LazyInitializationException: failed to lazily initialize a collection of role: com.atlassian.bamboo.resultsummary.AbstractResultsSummary.artifactLinks, could not initialize proxy - no Session
Workaround
Grant permission explicitly in project permission to restricted admins
- relates to
-
-
- Closed
-