Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Cannot Reproduce
Priority: Major
Fix Version/s: None
Affects Version/s: 1.8 RC1
Component/s: {Unused} Administration Application
Labels:
None

Similar issues:

Description

Here's the behavior I got in XE 1.8 RC1 when performing the following actions:

Go to http://localhost:8080/xwiki/bin/admin/Sandbox/WebPreferences and explicitely give the admin right to an user
Go to http://localhost:8080/xwiki/bin/edit/XWiki/XWikiPreferences?editor=object and clear every XWiki.GlobalRights object
The wiki no longer has any right specified. Every user can do everything unless a right has been specified down the way.
Try accessing the administration page of the Sandbox space (or any space where access rights have been set at the space level)
The following error is thrown:

Error number 4001 in 4: Error while parsing velocity page /templates/admin.vm Wrapped Exception: Failed to evaluate content with id [/templates/admin.vm]

Stacktrace when clicking on the error:

Error number 4001 in 4: Error while parsing velocity page /templates/admin.vm
Wrapped Exception: Failed to evaluate content with id [/templates/admin.vm]
com.xpn.xwiki.XWikiException: Error number 4001 in 4: Error while parsing velocity page /templates/admin.vm
Wrapped Exception: Failed to evaluate content with id [/templates/admin.vm]
	at com.xpn.xwiki.render.XWikiVelocityRenderer.evaluate(XWikiVelocityRenderer.java:114)
...
Wrapped Exception:
org.apache.velocity.exception.MethodInvocationException: Invocation of method 'save' in  class com.xpn.xwiki.api.Document threw exception com.xpn.xwiki.XWikiException: Error number 9001 in 9: Access denied in edit mode on document XWiki.WebPreferences @ /templates/admin.vm[58,26]
	at org.apache.velocity.runtime.parser.node.ASTMethod.execute(ASTMethod.java:286)
...
Caused by: com.xpn.xwiki.XWikiException: Error number 9001 in 9: Access denied in edit mode on document XWiki.WebPreferences
	at com.xpn.xwiki.api.Document.save(Document.java:1631)

Additional note: since every user can do everything, the current user can give Admin rights to himself at the wiki level. He will then be able to access and change the rights of the Sandbox space that he couldn't access before.

Attachments

Activity

People

Assignee:: Thomas Mortagne

Reporter:: Guillaume Lerouge

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 24/Feb/09 16:07

Updated:: 02/Jul/10 16:20

Resolved:: 02/Jul/10 16:20

Date of First Response:: 02/Jul/10 4:20 PM