Details
-
Bug
-
Resolution: Fixed
-
Low
-
6.6.1, 6.7.1
-
2
-
Severity 3 - Minor
-
Description
Summary
A user with Admin permissions inherited from Project unable to delete stages.
Environment
Problem found in Bamboo 6.6.1 and later.
Steps to Reproduce
Create a user with "Admin" permissions in the "Inherited Permissions" section in the project. Create a plan under the project.
Log in as the user.
Try to delete a stage in that plan.
Expected Results
Stage is delete
Actual Results
User is unable to delete the stage
An unknown error has occurred displays in the UI.
Only a warning is shown in the atlassian-bamboo.log:
2019-01-10 09:34:17,366 INFO [http-nio-8085-exec-13] [AccessLogFilter] testuser POST http://bamboo:8085/ajax/deleteStage.action 254865kb
2019-01-10 09:34:17,373 WARN [http-nio-8085-exec-13] [AuthorizationLoggerListener] Authorization failed: org.acegisecurity.AccessDeniedException: Access is denied; authenticated principal: org.acegisecurity.adapters.PrincipalAcegiUserToken@8d9f990d: Username: EmbeddedCrowdUser{name='testuser', displayName='testuser', directoryId=7471105}; Password: [PROTECTED]; Authenticated: true; Details: null; Granted Authorities: ROLE_USER; secure object: ReflectiveMethodInvocation: public abstract void com.atlassian.bamboo.deletion.DeletionService.deleteStage(com.atlassian.bamboo.chains.cache.ImmutableChainStage); target is of class [com.atlassian.bamboo.deletion.DeletionServiceImpl]; configuration attributes: [ACL_STAGE_ADMIN]
Workaround
Explicitly assign the Admin permission for the Plan.
Notes
Attachments
Issue Links
- is related to
-
-
- Closed
-