Uploaded image for project: 'Confluence Server and Data Center'
  1. Confluence Server and Data Center
  2. CONFSERVER-54887

Unable to edit space permissions when group name contains an apostrophe or single quote

    XMLWordPrintable

Details

    Description

      Summary

      It's not possible to edit space permissions once a group which includes an apostrophe or single quote in the name is given permissions on said space.

      Synopsis and Details

      Repro Steps

      1. Create a group with the offending character, such as:
        this group's name is bad
      1. Navigate to any space
      2. Go to space permissions
      3. Add this group with any permissions
        • Or, if it already exists in that space's permissions, make some change (anything) to the permissions on screen
      4. Click Save
      5. Save never completes, and it appears as though the page froze

      Expected Results

      The space permissions are updated according to the selection on screen

      Actual Results

      The space permissions are not updated due to a bug in our code which doesn't escape single quotes in group names:

      /**
       * @module confluence/space-permissions-table
       */
      var $original = self.$el.find("input[name='" + checkbox.name.replace('checkbox', 'initial') + "']");
      

      This is the error captured by debugging the java script:

      DOMException: Failed to execute 'querySelectorAll' on 'Element': '[id='gPermissionsTable']
      input[name='confluence_initial_viewspace_group_dl this group's name is bad']' is not a valid selector
      

      How to confirm you have this issue

      If you are experiencing the symptoms, you can debug the javascript on the page to confirm:

      1. Go to a space (which has the issue) > space tools > space permissions
      2. Click Edit
      3. Make some changes, such as adding a user or modifying an existing user
      4. Open Developer Tools, if you Search in all files and search for confluence/space-permissions-form then you can put a breakpoint on the submit: function () { part.
        • Since the Javscript code is minified, you can beautify it by clicking on { } after you go that line and set the breakpoint there.
        • Be sure to click "Pause on exceptions"
      5. Click Save on the UI
      6. Step through the code until the exception is found

      Screenshots showing the issue

      Workarounds

      Until this bug is fixed (probably by using group ID's instead of group names to name permission DOM elements), you have two options to work around this.

      Option 1

      Rename the group to remove the single quote / apostrophe characters

      Option 2

      You can make changes to space permissions via REST, for example:

      curl -i -X POST -H "X-Atlassian-Token: no-check" -H "Authorization: Basic YWRtaW46YWRtaW4=" -d "confluence_checkbox_viewspace_group_super-editor=on&confluence_checkbox_removeowncontent_group_super-editor=on&confluence_checkbox_editspace_group_super-editor=on&confluence_checkbox_removepage_group_super-editor=on&groupsToAdd=confluence-administrators" http://localhost:8080/confluence/spaces/doeditspacepermissions.action?key=TEST
      
      How-to
      1. First, you'll need to use basic authentication to pass your account details (passing them in clear text is also supported, but discouraged for security reasons).
      2. In the above code snippet, it is adding the following permissions: View Space, Delete Own Content, Add Pages, Delete Pages. T
        1. These are purely examples; the changes you need to make will depend on your business case.
        2. For the sake of completeness, there are other permissions you can add here as well. The full list is:
                 [["viewspace", "removeowncontent"],
                  ["editspace", "removepage"],
                  ["editblog", "removeblog"],
                  ["createattachment", "removeattachment"],
                  ["comment", "removecomment"],
                  ["setpagepermissions"],
                  ["removemail"],
                  ["exportspace", "setspacepermissions"]]
          
        1. To add one of these permissions, you'll need to embed it within: confluence_checkbox_<PERMISSION HERE>_group_super-editor and give that a value of on, like in the above code snippet.
      1. You'll need to update the URL, and use it for each space key of which you want to grant/remove permissions.
      Option 2 Caveats

      If you are terminating SSL at the reverse proxy, you will need to ensure you pass the certificate in the request, or bypass the proxy and connect directly to Confluence on a non-secure port. In this scenario, to be able to apply the workaround solution, you need to add an extra http connector in the file server.xml:

      <Connector port="8095" connectionTimeout="20000" redirectPort="8443" maxThreads="300" minSpareThreads="10" enableLookups="false" acceptCount="10" URIEncoding="UTF-8" protocol="HTTP/1.1" /> 
      

      After a restart, fire the same curl request you crafted on the local Confluence machine pointed at port 8095 (per the example above) with your credentials.

      You may also need to temporarily disable the admin security system during the workaround solution implementation with the steps mentioned on the page Configuring XSRF Protection to allow the cross-site request and the page Configuring Secure Administrator Sessions to disable the secure session so you do not need to authenticate again for the admin operation, example:

      curl -i -k -X POST -H "X-Atlassian-Token: no-check" -H "Authorization: Basic YWRtaW46YWRtaW4=" -d "confluence_checkbox_viewspace_group_confluence-administrators=on&confluence_checkbox_removeowncontent_group_confluence-administrators=on&confluence_checkbox_editspace_group_confluence-administrators=on" http://localhost:8090/confluence/spaces/doeditspacepermissions.action?key=TEST
      

      It will return 302 with the Location "/spaces/spacepermissions.action?key=TEST" - This will add the necessary space permission to the group "confluence-administrators" (example) on each space.

      Option 3

      Remove permissions from the affected group and make a change in the confluence-administrators group. After the change, the save button will be available to click.

      1. Edit space permission.
      2. Remove the permissions of the affected group.
      3. Make a modification in the confluence-administrators group.
      4. Save the changes.

      Attachments

        1. space-perms1.png
          space-perms1.png
          276 kB
        2. space-perms2.png
          space-perms2.png
          522 kB

        Activity

          People

            Unassigned Unassigned
            jwyllys Justin W.
            Votes:
            11 Vote for this issue
            Watchers:
            16 Start watching this issue

            Dates

              Created:
              Updated: