
Users who are not administrators are not able to use the 'ban user' feature, even when reputation based permissions are configured

      NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report.

      We're still suffering spammers on Answers, and I can't ban them (I used to be able to on the old OSQA site). I can follow the link to their profile, and I get the "ban this user" button. I click it, and get the warning box about "this will delete them completely, are you sure?". I click yes, and it returns to their profile, having apparently done nothing. Their content is still there, as is their profile.

      The spam does seem better - some sort of limit on posting from new accounts, but they're still getting through.

        Attachments:
        1. 1-spammer.png (177 kB)
        2. 2-ban.png (188 kB)
        3. 3-confirm.png (191 kB)
        4. 4-done.png (171 kB)

            [CONFSERVER-47794] Users who are not administrators are not able to use the 'ban user' feature, even when reputation based permissions are configured

            Norman Abramovitz added a comment - Yahoo! Instabanning is working!

            Norman Abramovitz added a comment - I really hope this issue gets picked up soon. If it fails it should have at least stated an error message instead of nothing. A message like 'Sorry could not ban this user. Please click this link to inform the administrator.' Keep the response internal (i.e. no email) and you can record whatever information you need.

            Nic Brough -Adaptavist- added a comment - Ah, that sounds logical. I'll wait for the CQ dev team. Thanks Joe!

            Joe Clark added a comment -

            Un-assigning from myself so that the CQ dev team can pick this up.


            Joe Clark added a comment -

            In seriousness, it looks as if even though we turned on instaban for people based on a karma requirement, if the banning user isn't an administrator then they don't have privileges to deactivate the spamming user account and therefore the entire ban (including deleting the content) fails.


            Joe Clark added a comment -
            2014-09-22 15:01:57,475 ERROR [catalina-exec-139] [common.error.jersey.ThrowableExceptionMapper] toResponse Uncaught exception thrown by REST service: User [nic brough] does not have the required privileges.
             -- referer: https://answers.atlassian.com/questions/users?username=m.heroz65 | url: /rest/questions/1.0/spam/instaban | userName: nic brough
            com.atlassian.confluence.core.InsufficientPrivilegeException: User [nic brough] does not have the required privileges.
            	at com.atlassian.confluence.user.DefaultUserAccessor.deactivateUser(DefaultUserAccessor.java:652)
            	at sun.reflect.GeneratedMethodAccessor1796.invoke(Unknown Source)
            	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
            	at java.lang.reflect.Method.invoke(Method.java:606)
            	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
            	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
            	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
            	at com.atlassian.spring.interceptors.SpringProfilingInterceptor.invoke(SpringProfilingInterceptor.java:16)
            	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
            

            Looks like you need more karma, Nic! :-p
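
Added example (not part of the original thread, and not Atlassian's code): a small Python triage script that parses log entries in the format quoted above and flags requests where a privilege exception escaped as an uncaught REST error, reporting who made the call, which endpoint was hit, and which method refused it. The second sample entry and all function names are constructed for illustration.

```python
import re

# First entry: the log excerpt quoted in the comment above (stack trimmed).
# Second entry: constructed for contrast, not taken from the page.
SAMPLE_LOG = """\
2014-09-22 15:01:57,475 ERROR [catalina-exec-139] [common.error.jersey.ThrowableExceptionMapper] toResponse Uncaught exception thrown by REST service: User [nic brough] does not have the required privileges.
 -- referer: https://answers.atlassian.com/questions/users?username=m.heroz65 | url: /rest/questions/1.0/spam/instaban | userName: nic brough
com.atlassian.confluence.core.InsufficientPrivilegeException: User [nic brough] does not have the required privileges.
\tat com.atlassian.confluence.user.DefaultUserAccessor.deactivateUser(DefaultUserAccessor.java:652)
\tat java.lang.reflect.Method.invoke(Method.java:606)
2014-09-22 15:02:10,001 ERROR [catalina-exec-7] [common.error.jersey.ThrowableExceptionMapper] toResponse Uncaught exception thrown by REST service: example
 -- url: /rest/example/1.0/thing | userName: someone
java.lang.IllegalStateException: example
\tat com.example.Thing.run(Thing.java:1)
"""

ENTRY_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} (\w+) ", re.M)
CONTEXT = re.compile(r"^ -- (.+)$", re.M)                      # "key: value | key: value"
EXC_LINE = re.compile(r"^([\w.$]+(?:Exception|Error)): ", re.M)
TOP_FRAME = re.compile(r"^[ \t]+at ([\w.$<>]+)\(", re.M)

def parse_entries(text):
    """Split a log at each timestamped line and extract the fields of every entry."""
    starts = [m.start() for m in ENTRY_START.finditer(text)] + [len(text)]
    entries = []
    for begin, end in zip(starts, starts[1:]):
        chunk = text[begin:end]
        ctx = CONTEXT.search(chunk)
        parts = ctx.group(1).split(" | ") if ctx else []
        fields = dict(p.split(": ", 1) for p in parts if ": " in p)
        exc, frame = EXC_LINE.search(chunk), TOP_FRAME.search(chunk)
        entries.append({
            "timestamp": chunk[:23],
            "level": ENTRY_START.match(chunk).group(1),
            "url": fields.get("url"),
            "user": fields.get("userName"),
            "exception": exc.group(1) if exc else None,
            "top_frame": frame.group(1) if frame else None,  # method that threw
        })
    return entries

def authz_failures(entries):
    """Entries where a privilege check threw and reached the client as an error."""
    return [e for e in entries
            if e["exception"] and e["exception"].endswith("InsufficientPrivilegeException")]

if __name__ == "__main__":
    for hit in authz_failures(parse_entries(SAMPLE_LOG)):
        print(hit["timestamp"], hit["user"], hit["url"], "refused by", hit["top_frame"])
```
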


            Joe Clark added a comment -

            OK, looks promising! We should be able to trace the 500 Internal Server Error to an exception in the Confluence log.


            Nic Brough -Adaptavist- added a comment -

            Interesting. I get images 1 and 2, but then clicking "confirm" does not get me image 3 - it just loops back to the user display.

            I should have thought of firebug before, it's reporting an error on that user:

            POST /rest/questions/1.0/spam/instaban?userkey=ff808181487241c701487d62db2c037f
            500 Internal Server Error
            1341ms
            ParamsHeadersPostResponseHTML
            <!DOCTYPE html>
            <html lang="en">
                <head>
                    <title>Atlassian - The Power of Software!</title>
                    <meta charset="UTF-8">
                    <style>
                        body{
                            background-color:#f0f7fc;
                            color:#404040;
                            font-family:Helvetica,Arial,Verdana,sans-serif;
                            margin:0;
                            padding:0;
                            text-align:center;
                        }
                        div.wrapper{
                            background:url(/fallback-assets/CharlieZap201304.gif) no-repeat center 0;
                            height:506px;
                            margin:40px auto 0;
                            padding:119px 524px 0 50px;
                            text-align:left;
                            width:386px;
                        }
                        h1{
                            color:#036;
                            font-family:"kulturista-web",Helvetica,Arial,Verdana,sans-serif;
                            font-size:18px;
                            line-height:36px;
                            margin-bottom:22px;
                        }
                        p{
                            font-size:16px;
                            line-height:24px;
                            margin-bottom:16px;
                        }
                    </style>
                    <script type="text/javascript" src="https://use.typekit.com/znn3vrw.js"></script>
                    <script type="text/javascript">try{Typekit.load();}catch(e){}</script>
                </head>
                <body>
                    <div class="wrapper">
                        <h1>We are currently experiencing difficulties.<br />
                            Visit our <a href="http://status.atlassian.com">Status Page</a> for more information.
                        </h1>
                        <p>
                        </p>
                    </div>
                </body>
            </html>

            The built-in Chrome developer tools says something a bit different:

            POST https://answers.atlassian.com/rest/questions/1.0/spam/instaban?userkey=ff808181487241c701487d62db2c037f 500 (Internal Server Error) users?username=m.heroz65:33
            nrWrapper users?username=m.heroz65:33
            send batch.js:166
            d.extend.ajax batch.js:160
            (anonymous function) batch.js:718
            F._onclick batch.js:512
            d.event.dispatch batch.js:73
            g.handle.i batch.js:65
            nrWrapper users?username=m.heroz65:33

            Joe Clark added a comment - Here's a user you can test with: https://answers.atlassian.com/questions/users?username=m.heroz65

            Joe Clark added a comment -

            Hi lists,

            Banning is working for me, so I wonder if we've mis-configured the permissions for banning somehow. I've attached some screenshots showing what the flow is like for me.

            Can you describe how the process is different for you? Do you see the green confirmation message in img #3? When you try to ban someone, can you open the browser debugger console and see if you get any error messages, or inspect the network tab and see if you can capture the request/response to the server that bans the user?


              jhoarau Julien Michel Hoarau (Inactive)
              442fdb9642ee Nic Brough -Adaptavist-