Jira will throw a 500 error if there are duplicated project roles in a permission scheme


    • 47
    • Severity 2 - Major
    • 1

      Summary

      Jira will throw a 500 error when accessing a project which has a permission scheme with duplicated entries in its project roles permissions.

      Steps to Reproduce

      1. Create a project
      2. Inject a duplicated role into any of the permissions
      3. See the 500 error when trying to access the project; the affected permission scheme loads a blank screen

      (These steps are only reproducible by support)

      Expected Results

      Jira will be able to handle this exception and it will show an error telling customers it's caused by duplicated entries in the permission scheme.
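The expected behaviour above, sketched as an added example (not Atlassian's code): validate the project-role entries of a scheme before evaluating it, and raise a descriptive configuration error instead of letting a null role reach the permission check. `SchemeEntry`, `SchemeConfigException`, the `PROJECT_ROLE` type tag and the sample role ids are hypothetical; the unknown-role check mirrors the `ProjectRole should not be null!` assertion in the trace below.

```java
import java.util.*;

// Added illustration; none of these types are Jira classes.
public class PermissionSchemeCheck {
    static final class SchemeEntry {
        final String permission, type, parameter;
        SchemeEntry(String permission, String type, String parameter) {
            this.permission = permission; this.type = type; this.parameter = parameter;
        }
    }

    static final class SchemeConfigException extends RuntimeException {
        SchemeConfigException(List<String> problems) {
            super("Permission scheme is misconfigured: " + problems);
        }
    }

    /** Lists duplicate and unresolvable project-role entries in one scheme. */
    static List<String> validate(List<SchemeEntry> entries, Map<String, String> rolesById) {
        List<String> problems = new ArrayList<>();
        Set<String> seen = new HashSet<>();
        for (SchemeEntry e : entries) {
            if (!"PROJECT_ROLE".equals(e.type)) continue;
            if (!seen.add(e.permission + "|" + e.parameter))
                problems.add("duplicate role " + e.parameter + " on " + e.permission);
            if (!rolesById.containsKey(e.parameter))
                problems.add("unknown role " + e.parameter + " on " + e.permission);
        }
        return problems;
    }

    /** Grants nothing from a broken scheme; the caller renders the message to the admin. */
    static boolean hasPermission(String permission, Set<String> userRoleIds,
                                 List<SchemeEntry> entries, Map<String, String> rolesById) {
        List<String> problems = validate(entries, rolesById);
        if (!problems.isEmpty()) throw new SchemeConfigException(problems);
        for (SchemeEntry e : entries)
            if (e.permission.equals(permission) && userRoleIds.contains(e.parameter)) return true;
        return false;
    }

    public static void main(String[] args) {
        Map<String, String> roles = new HashMap<>();
        roles.put("10002", "Administrators");            // constructed sample role
        List<SchemeEntry> scheme = Arrays.asList(        // constructed: same entry twice
            new SchemeEntry("BROWSE_PROJECTS", "PROJECT_ROLE", "10002"),
            new SchemeEntry("BROWSE_PROJECTS", "PROJECT_ROLE", "10002"));
        try {
            hasPermission("BROWSE_PROJECTS", Collections.singleton("10002"), scheme, roles);
        } catch (SchemeConfigException ex) {
            System.out.println(ex.getMessage());
        }
    }
}
```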

      Actual Results

      A 500 error page will be displayed.

        com.atlassian.jira.util.dbc.Assertions$NullArgumentException: ProjectRole should not be null!
          	at com.atlassian.jira.util.dbc.Assertions.notNull(Assertions.java:25) 
          	at com.atlassian.jira.security.roles.DefaultProjectRoleManager.getProjectRoleActors(DefaultProjectRoleManager.java:216) 
          	at com.atlassian.jira.notification.type.ProjectRoleSecurityAndNotificationType.getProjectRoleActors(ProjectRoleSecurityAndNotificationType.java:206) 
          	at com.atlassian.jira.notification.type.ProjectRoleSecurityAndNotificationType.hasPermission(ProjectRoleSecurityAndNotificationType.java:159) 
          	at com.atlassian.jira.permission.DefaultPermissionSchemeManager.lambda$hasSchemePermission$3(DefaultPermissionSchemeManager.java:538)
          	at com.atlassian.jira.permission.DefaultPermissionSchemeManager.hasSchemePermission(DefaultPermissionSchemeManager.java:708) 
          	at com.atlassian.jira.permission.DefaultPermissionSchemeManager.hasSchemePermission(DefaultPermissionSchemeManager.java:538)
          	at com.atlassian.jira.security.DefaultPermissionManager.doProjectPermissionCheck(DefaultPermissionManager.java:246) 
          	at com.atlassian.jira.security.DefaultPermissionManager.hasPermission(DefaultPermissionManager.java:153) [classes/:?]
          	at com.atlassian.jira.security.WorkflowBasedPermissionManager.hasPermission(WorkflowBasedPermissionManager.java:121) 
          	at com.atlassian.jira.security.ApplicationRequiredPermissionManager.lambda$hasPermission$7(ApplicationRequiredPermissionManager.ja
          	at com.atlassian.jira.security.ApplicationRequiredPermissionManager.checkUserHasApplicationOrFalse(ApplicationRequiredPermissionMa
          	at com.atlassian.jira.security.ApplicationRequiredPermissionManager.hasPermission(ApplicationRequiredPermissionManager.java:120) 
          	at com.atlassian.jira.security.SwitchingPermissionManager.hasPermission(SwitchingPermissionManager.java:98) [classes/:?]
          	at com.atlassian.jira.bc.project.ProjectAction.lambda$userHasAnyProjectPermissions$6(ProjectAction.java:177) [jira-api-1001.0.0-
          	at java.util.stream.MatchOps$1MatchSink.accept(MatchOps.java:90) [?:1.8.0_131]
          	at java.util.Collections$2.tryAdvance(Collections.java:4717) [?:1.8.0_131]
          	at java.util.stream.ReferencePipeline.forEachWithCancel(ReferencePipeline.java:126) [?:1.8.0_131]
          	at java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:498) [?:1.8.0_131]
          	at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:485) [?:1.8.0_131]
          	at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471) [?:1.8.0_131]
          	at java.util.stream.MatchOps$MatchOp.evaluateSequential(MatchOps.java:230) [?:1.8.0_131]
          	at java.util.stream.MatchOps$MatchOp.evaluateSequential(MatchOps.java:196) [?:1.8.0_131]
          	at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) [?:1.8.0_131]
          	at java.util.stream.ReferencePipeline.anyMatch(ReferencePipeline.java:449) [?:1.8.0_131]
          	at com.atlassian.jira.bc.project.ProjectAction.userHasAnyProjectPermissions(ProjectAction.java:176) [jira-api-1001.0.0-
          	at com.atlassian.jira.bc.project.ProjectAction.hasPermission(ProjectAction.java:139) [jira-api-1001.0.0-SNAPSHOT.jar:?]
          	at com.atlassian.jira.bc.project.DefaultProjectService.checkActionPermission(DefaultProjectService.java:1220) [classes/:?]
          	at com.atlassian.jira.bc.project.DefaultProjectService.getProjectByKeyForAction(DefaultProjectService.java:952) [classes/:?]
          	at com.atlassian.jira.bc.project.DefaultProjectService.getProjectByKey(DefaultProjectService.java:930) [classes/:?]
          	at com.atlassian.jira.admin.ProjectAdminSidebarFeatureImpl.shouldDisplay(ProjectAdminSidebarFeatureImpl.java:32) [classes/:?]
          	at java.util.Optional.map(Optional.java:215) 
      (....)
      	at java.lang.Thread.run(Thread.java:748)
      

      Note

      Contact Support
      Affected permission scheme will load blank

            Assignee:
            Abhinaya Sinha
            Reporter:
            Daniel Brito [Atlassian] (Inactive)
            Votes:
            6
            Watchers:
            20
