Cannot Update User Information When Connected to Jira or Crowd with Read and Write Permission

XMLWordPrintable

    • Type: Bug
    • Resolution: Duplicate
    • Priority: Low
    • None
    • Affects Version/s: 6.12.0, 6.13.0
    • Component/s: User - Management, User - Profile
    • None
    • 7
    • Severity 3 - Minor
    • 2

      Summary

      When attempting to add information to a user's profile, it's not possible to save the changes if there's no write permission all the way through the origin of the user (the final directory that this user comes from).

      An example of a scenario in which the problem happens:

      1. Confluence is set with Read/Write permissions to Crowd;
      2. Crowd is connected to the internal or to an external directory in order to provide users to Confluence;
      3. The confluence application inside Crowd does not have permissions to write to the directory that the users come from.

      In this scenario, if we update the About Me section of a user's profile in Confluence, the application throws an error related to a lack of permissions as Crowd does not allow updates in the directory. However, the profile details are only stored locally in Confluence, so the application should never try to update Crowd.

      If we set Confluence to connect to Crowd/Jira with Read Only permissions, Confluence will not try to update the external directory and will successfully update the user's profile.

      Environment

      • Confluence connected to Crowd or Jira

      Steps to Reproduce

      1. Connect Confluence to a Crowd with Read/Write permissions;
      2. Create an application in Crowd for Confluence and add the internal directory as a source of users in that application;
      3. Into the created application in Crowd, go to the Permissions tab and uncheck all permissions there, then save;
      4. Now go to Confluence, log in with a user from Crowd, go to the Profile of this user and try to add anything in the About Me field, for example, then save the changes.

      Expected Results

      Confluence will update the information as it's stored locally only.

      Actual Results

      The below exception is thrown in the atlassian-confluence.log file:

      2018-10-19 13:35:24,097 WARN [http-nio-6681-exec-1] [confluence.user.actions.EditMyProfileAction] doEdit Failed to update user profile.
 -- referer: http://localhost:6681/c681/users/editmyprofile.action | url: /c681/users/doeditmyprofile.action | traceId: 7c3116f7c7315189 | userName: iecase | action: doeditmyprofile
com.atlassian.crowd.exception.runtime.OperationFailedException: com.atlassian.crowd.exception.ApplicationPermissionException: <?xml version="1.0" encoding="UTF-8" standalone="yes"?><error><reason>APPLICATION_PERMISSION_DENIED</reason><message>Cannot update user 'iecase' because directory 'Atlassian Crowd server' does not allow updates.</message></error>
	at com.atlassian.crowd.embedded.core.CrowdServiceImpl.updateUser(CrowdServiceImpl.java:377)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:302)

      Caused by: com.atlassian.crowd.exception.ApplicationPermissionException: <?xml version="1.0" encoding="UTF-8" standalone="yes"?><error><reason>APPLICATION_PERMISSION_DENIED</reason><message>Cannot update user 'iecase' because directory 'Atlassian Crowd server' does not allow updates.</message></error>
	at com.atlassian.crowd.integration.rest.service.RestExecutor$MethodExecutor.throwError(RestExecutor.java:614)
	at com.atlassian.crowd.integration.rest.service.RestExecutor$MethodExecutor.andCheckResponse(RestExecutor.java:537)
	at com.atlassian.crowd.integration.rest.service.RestCrowdClient.updateUser(RestCrowdClient.java:223)
	at com.atlassian.crowd.directory.RemoteCrowdDirectory.updateUser(RemoteCrowdDirectory.java:265)
	at com.atlassian.crowd.directory.DbCachingRemoteDirectory.updateUser(DbCachingRemoteDirectory.java:617)
	at com.atlassian.crowd.manager.directory.DirectoryManagerGeneric.updateUser(DirectoryManagerGeneric.java:399)
	at com.atlassian.crowd.manager.application.ApplicationServiceGeneric.updateUser(ApplicationServiceGeneric.java:718)
	at com.atlassian.crowd.embedded.core.CrowdServiceImpl.updateUser(CrowdServiceImpl.java:363)

      Workaround

      There are two possible workarounds for this issue:

      1. Set Crowd/Jira to Read Only in Confluence; or
      2. Give write permissions in Crowd/Jira for the directory that the user comes from.

            Assignee:
            Unassigned
            Reporter:
            Eduardo Mallmann (Inactive)
            Votes:
            8 Vote for this issue
            Watchers:
            14 Start watching this issue

              Created:
              Updated:
              Resolved: