Details
-
Bug
-
Resolution: Unresolved
-
Low
-
None
-
5.3.4
-
Severity 3 - Minor
-
Description
I'm trying to delete user's space permissions using the spacePermissionManager via the method removeAllUserPermissions(user).
The method works well when the current user (who is trying to delete an other person's permissions) is part of the administration but I've noticed that my feature doesn't work when my user is not part of this group.
It gives me this exception:
com.atlassian.confluence.core.InsufficientPrivilegeException: User [X] does not have the required privileges.Failed to removed permissions of user with name: Y
[INFO] [talledLocalContainer] at com.atlassian.confluence.security.SpacePermissionCoordinator.removeAllUserPermissions(SpacePermissionCoordinator.java:136)
The most surprising is that this user who is not part of the "confluence-administrators" when he have a space admin permission can access the permission pannel and can delete ALL the persmissions of a user.
To resume even if the user have a space admin permissions, this method removeAllUserPermissions(user) from the Confluence API generates an exception. If the user is the administrators group and especially if he have "Confluence Administrator" and "System Administrator System" permissions he can use the API without any problem.