[LPS-83613] Omniadmin user is unable to invoke get-user-by-id and get-contact for default user - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Resolution: Fixed
Affects Version/s: 6.1.X EE, 6.2.X EE, 7.0.X, 7.1.X, Master
Fix Version/s: 7.0.0 DXP FP57, 7.0.0 DXP SP9, 7.0.X, 7.1.10 DXP FP1, 7.1.1 CE GA2, 7.1.10.1 SP1, 7.1.X, Master
Component/s: Web Services > JSON WS
Labels:

Branch Version/s:

7.1.x, 7.0.x
Backported to Branch:

Committed
Fix Priority:
3
Git Pull Request:
https://github.com/brianchandotcom/liferay-portal/pull/61807

Description

We're running into this exception (403 Forbidden) when trying to invoke get-company-users and then get-contact for each returned user.

2018-07-19 21:52:33.023  INFO 54 --- [Timer-0] c.l.o.a.d.e.dog.impl.UserDogImpl : Body: {"$user = /user/get-company-users":{"companyId":20115,"start":0,"end":500,"$contact = /contact/get-contact":{"@contactId":"$user.contactId"}}}
2018-07-19 21:52:33.439 ERROR 54 --- [Timer-0] .a.d.e.b.OSBAsahDXPExtractorBotTimerTask : org.springframework.web.client.HttpClientErrorException: 403 Forbidden
org.springframework.web.client.HttpClientErrorException: 403 Forbidden
    at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:63) ~[spring-web-4.3.11.RELEASE.jar:4.3.11.RELEASE]
    at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:700) ~[spring-web-4.3.11.RELEASE.jar:4.3.11.RELEASE]
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:653) ~[spring-web-4.3.11.RELEASE.jar:4.3.11.RELEASE]
    at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:613) ~[spring-web-4.3.11.RELEASE.jar:4.3.11.RELEASE]
    at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:531) ~[spring-web-4.3.11.RELEASE.jar:4.3.11.RELEASE]
    at com.liferay.osb.asah.dxp.extractor.spring.http.HttpUtil.get(HttpUtil.java:67) ~[main/:na]
    at com.liferay.osb.asah.dxp.extractor.client.impl.DXPClientImpl._get(DXPClientImpl.java:83) ~[main/:na]
    at com.liferay.osb.asah.dxp.extractor.client.impl.DXPClientImpl.getJSONArray(DXPClientImpl.java:44) ~[main/:na]
    at com.liferay.osb.asah.dxp.extractor.dog.impl.UserDogImpl.getCompanyUsersJSONArray(UserDogImpl.java:58) ~[main/:na]
    at com.liferay.osb.asah.dxp.extractor.bot.OSBAsahDXPExtractorBot$4.paginate(OSBAsahDXPExtractorBot.java:301) ~[main/:na]
    at com.liferay.osb.asah.common.json.JSONArrayPaginator.<init>(JSONArrayPaginator.java:37) ~[com.liferay.osb.asah.common-1.0.0-20180712.210807-37.jar:na]
    at com.liferay.osb.asah.common.json.JSONArrayPaginator.<init>(JSONArrayPaginator.java:25) ~[com.liferay.osb.asah.common-1.0.0-20180712.210807-37.jar:na]
    at com.liferay.osb.asah.dxp.extractor.bot.OSBAsahDXPExtractorBot$4.<init>(OSBAsahDXPExtractorBot.java:295) ~[main/:na]
    at com.liferay.osb.asah.dxp.extractor.bot.OSBAsahDXPExtractorBot.populateUsers(OSBAsahDXPExtractorBot.java:295) ~[main/:na]
    at com.liferay.osb.asah.dxp.extractor.bot.OSBAsahDXPExtractorBot.populateCompanies(OSBAsahDXPExtractorBot.java:161) ~[main/:na]
    at com.liferay.osb.asah.dxp.extractor.bot.OSBAsahDXPExtractorBot.populate(OSBAsahDXPExtractorBot.java:133) ~[main/:na]
    at com.liferay.osb.asah.dxp.extractor.bot.OSBAsahDXPExtractorBot.run(OSBAsahDXPExtractorBot.java:79) ~[main/:na]
    at com.liferay.osb.asah.dxp.extractor.bot.OSBAsahDXPExtractorBotTimerTask._run(OSBAsahDXPExtractorBotTimerTask.java:143) ~[main/:na]
    at com.liferay.osb.asah.dxp.extractor.bot.OSBAsahDXPExtractorBotTimerTask.run(OSBAsahDXPExtractorBotTimerTask.java:62) ~[main/:na]
    at java.util.TimerThread.mainLoop(Timer.java:555) [na:1.8.0_171]
    at java.util.TimerThread.run(Timer.java:505) [na:1.8.0_171]

We figured that omniuser doesn't have permission to VIEW default user.

We confirmed with these steps:
1. Spin up a fresh DXP instance
2. Log in with omniadmin user test@liferay.com
3. Through /api/jsonws, invoke get-companies to get companyId

[
  {
    "accountId": "20117",
    "active": true,
    "companyId": "20115",
    "homeURL": "",
    "key": "/Y4qoMyBD164al+vwqY9LA==",
    "logoId": "0",
    "maxUsers": 0,
    "mvccVersion": "1",
    "mx": "liferay.com",
    "system": false,
    "webId": "liferay.com"
  }
]

4. Invoke get-company-users with companyId from result above (20115) (start -1, end -1)

[
  {
    "agreedToTermsOfUse": true,
    "comments": "",
    "companyId": "20115",
    "contactId": "20120",
    "createDate": 1532021961711,
    "defaultUser": true,
    "emailAddress": "",
    "emailAddressVerified": false,
    "facebookId": "0",
    "failedLoginAttempts": 0,
    "firstName": "",
    "googleUserId": "",
    "graceLoginCount": 0,
    "greeting": "Welcome!",
    "jobTitle": "",
    "languageId": "en_US",
    "lastFailedLoginDate": null,
    "lastLoginDate": null,
    "lastLoginIP": "",
    "lastName": "",
    "ldapServerId": "0",
    "lockout": false,
    "lockoutDate": null,
    "loginDate": 1532021961407,
    "loginIP": "",
    "middleName": "",
    "modifiedDate": 1532022110986,
    "mvccVersion": "2",
    "openId": "",
    "portraitId": "0",
    "reminderQueryAnswer": "",
    "reminderQueryQuestion": "",
    "screenName": "20119",
    "status": 0,
    "timeZoneId": "UTC",
    "userId": "20119",
    "uuid": "63fd8e01-5c28-5398-45ed-bb4b37d4e8a0"
  },
  {
    "agreedToTermsOfUse": true,
    "comments": "",
    "companyId": "20115",
    "contactId": "20157",
    "createDate": 1532021963255,
    "defaultUser": false,
    "emailAddress": "test@liferay.com",
    "emailAddressVerified": true,
    "facebookId": "0",
    "failedLoginAttempts": 0,
    "firstName": "Test",
    "googleUserId": "",
    "graceLoginCount": 0,
    "greeting": "Welcome Test Test!",
    "jobTitle": "",
    "languageId": "en_US",
    "lastFailedLoginDate": null,
    "lastLoginDate": 1532022616837,
    "lastLoginIP": "10.255.0.13",
    "lastName": "Test",
    "ldapServerId": "-1",
    "lockout": false,
    "lockoutDate": null,
    "loginDate": 1532037295748,
    "loginIP": "10.255.0.13",
    "middleName": "",
    "modifiedDate": 1532037295748,
    "mvccVersion": "9",
    "openId": "",
    "portraitId": "0",
    "reminderQueryAnswer": "test",
    "reminderQueryQuestion": "what-is-your-father's-middle-name",
    "screenName": "test",
    "status": 0,
    "timeZoneId": "UTC",
    "userId": "20155",
    "uuid": "41e1579e-c58e-4012-d02b-4538c760351b"
  }
]

5. Invoke get-user-by-id with the Id of the default user from result #4 (20119)

"User 20155 must have VIEW permission for com.liferay.portal.kernel.model.User 20119"

6. Invoke get-contact with the contactId of the default user from result #4 (20120)

"User 20155 must have VIEW permission for com.liferay.portal.kernel.model.User 20119"

Expected:

Omniadmin user should be able to "VIEW" default user using get-user-by-id and get-contact, since it was able to "VIEW" default user using get-company-users

Attachments

Activity

People

Assignee:

Brian Chan

Reporter:

Rachael Koestartyo

Participants of an Issue:

Brian Chan, Rachael Koestartyo

Recent user:

Csaba Turcsan

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

19/Jul/18 3:22 PM

Updated:

10/May/19 7:40 AM

Resolved:

01/Aug/18 1:46 PM

Days since last comment:

1 year, 26 weeks, 4 days ago

Packages

Version	Package
7.0.0 DXP FP57
7.0.0 DXP SP9
7.0.X
7.1.10 DXP FP1
7.1.1 CE GA2
7.1.10.1 SP1
7.1.X
Master