PUBLIC - Liferay Portal Community Edition / LPS-83613

Omniadmin user is unable to invoke get-user-by-id and get-contact for default user

      Description

      We're running into this exception (403 Forbidden) when trying to invoke get-company-users and then get-contact for each returned user.

      2018-07-19 21:52:33.023  INFO 54 --- [Timer-0] c.l.o.a.d.e.dog.impl.UserDogImpl : Body: {"$user = /user/get-company-users":{"companyId":20115,"start":0,"end":500,"$contact = /contact/get-contact":{"@contactId":"$user.contactId"}}}
      2018-07-19 21:52:33.439 ERROR 54 --- [Timer-0] .a.d.e.b.OSBAsahDXPExtractorBotTimerTask : org.springframework.web.client.HttpClientErrorException: 403 Forbidden
      org.springframework.web.client.HttpClientErrorException: 403 Forbidden
          at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:63) ~[spring-web-4.3.11.RELEASE.jar:4.3.11.RELEASE]
          at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:700) ~[spring-web-4.3.11.RELEASE.jar:4.3.11.RELEASE]
          at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:653) ~[spring-web-4.3.11.RELEASE.jar:4.3.11.RELEASE]
          at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:613) ~[spring-web-4.3.11.RELEASE.jar:4.3.11.RELEASE]
          at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:531) ~[spring-web-4.3.11.RELEASE.jar:4.3.11.RELEASE]
          at com.liferay.osb.asah.dxp.extractor.spring.http.HttpUtil.get(HttpUtil.java:67) ~[main/:na]
          at com.liferay.osb.asah.dxp.extractor.client.impl.DXPClientImpl._get(DXPClientImpl.java:83) ~[main/:na]
          at com.liferay.osb.asah.dxp.extractor.client.impl.DXPClientImpl.getJSONArray(DXPClientImpl.java:44) ~[main/:na]
          at com.liferay.osb.asah.dxp.extractor.dog.impl.UserDogImpl.getCompanyUsersJSONArray(UserDogImpl.java:58) ~[main/:na]
          at com.liferay.osb.asah.dxp.extractor.bot.OSBAsahDXPExtractorBot$4.paginate(OSBAsahDXPExtractorBot.java:301) ~[main/:na]
          at com.liferay.osb.asah.common.json.JSONArrayPaginator.<init>(JSONArrayPaginator.java:37) ~[com.liferay.osb.asah.common-1.0.0-20180712.210807-37.jar:na]
          at com.liferay.osb.asah.common.json.JSONArrayPaginator.<init>(JSONArrayPaginator.java:25) ~[com.liferay.osb.asah.common-1.0.0-20180712.210807-37.jar:na]
          at com.liferay.osb.asah.dxp.extractor.bot.OSBAsahDXPExtractorBot$4.<init>(OSBAsahDXPExtractorBot.java:295) ~[main/:na]
          at com.liferay.osb.asah.dxp.extractor.bot.OSBAsahDXPExtractorBot.populateUsers(OSBAsahDXPExtractorBot.java:295) ~[main/:na]
          at com.liferay.osb.asah.dxp.extractor.bot.OSBAsahDXPExtractorBot.populateCompanies(OSBAsahDXPExtractorBot.java:161) ~[main/:na]
          at com.liferay.osb.asah.dxp.extractor.bot.OSBAsahDXPExtractorBot.populate(OSBAsahDXPExtractorBot.java:133) ~[main/:na]
          at com.liferay.osb.asah.dxp.extractor.bot.OSBAsahDXPExtractorBot.run(OSBAsahDXPExtractorBot.java:79) ~[main/:na]
          at com.liferay.osb.asah.dxp.extractor.bot.OSBAsahDXPExtractorBotTimerTask._run(OSBAsahDXPExtractorBotTimerTask.java:143) ~[main/:na]
          at com.liferay.osb.asah.dxp.extractor.bot.OSBAsahDXPExtractorBotTimerTask.run(OSBAsahDXPExtractorBotTimerTask.java:62) ~[main/:na]
          at java.util.TimerThread.mainLoop(Timer.java:555) [na:1.8.0_171]
          at java.util.TimerThread.run(Timer.java:505) [na:1.8.0_171]  
      

      We figured that omniuser doesn't have permission to VIEW default user.

      We confirmed with these steps:
      1. Spin up a fresh DXP instance
      2. Log in with omniadmin user test@liferay.com
      3. Through /api/jsonws, invoke get-companies to get companyId

      [
        {
          "accountId": "20117",
          "active": true,
          "companyId": "20115",
          "homeURL": "",
          "key": "/Y4qoMyBD164al+vwqY9LA==",
          "logoId": "0",
          "maxUsers": 0,
          "mvccVersion": "1",
          "mx": "liferay.com",
          "system": false,
          "webId": "liferay.com"
        }
      ]

      4. Invoke get-company-users with companyId from result above (20115) (start -1, end -1)

      [
        {
          "agreedToTermsOfUse": true,
          "comments": "",
          "companyId": "20115",
          "contactId": "20120",
          "createDate": 1532021961711,
          "defaultUser": true,
          "emailAddress": "",
          "emailAddressVerified": false,
          "facebookId": "0",
          "failedLoginAttempts": 0,
          "firstName": "",
          "googleUserId": "",
          "graceLoginCount": 0,
          "greeting": "Welcome!",
          "jobTitle": "",
          "languageId": "en_US",
          "lastFailedLoginDate": null,
          "lastLoginDate": null,
          "lastLoginIP": "",
          "lastName": "",
          "ldapServerId": "0",
          "lockout": false,
          "lockoutDate": null,
          "loginDate": 1532021961407,
          "loginIP": "",
          "middleName": "",
          "modifiedDate": 1532022110986,
          "mvccVersion": "2",
          "openId": "",
          "portraitId": "0",
          "reminderQueryAnswer": "",
          "reminderQueryQuestion": "",
          "screenName": "20119",
          "status": 0,
          "timeZoneId": "UTC",
          "userId": "20119",
          "uuid": "63fd8e01-5c28-5398-45ed-bb4b37d4e8a0"
        },
        {
          "agreedToTermsOfUse": true,
          "comments": "",
          "companyId": "20115",
          "contactId": "20157",
          "createDate": 1532021963255,
          "defaultUser": false,
          "emailAddress": "test@liferay.com",
          "emailAddressVerified": true,
          "facebookId": "0",
          "failedLoginAttempts": 0,
          "firstName": "Test",
          "googleUserId": "",
          "graceLoginCount": 0,
          "greeting": "Welcome Test Test!",
          "jobTitle": "",
          "languageId": "en_US",
          "lastFailedLoginDate": null,
          "lastLoginDate": 1532022616837,
          "lastLoginIP": "10.255.0.13",
          "lastName": "Test",
          "ldapServerId": "-1",
          "lockout": false,
          "lockoutDate": null,
          "loginDate": 1532037295748,
          "loginIP": "10.255.0.13",
          "middleName": "",
          "modifiedDate": 1532037295748,
          "mvccVersion": "9",
          "openId": "",
          "portraitId": "0",
          "reminderQueryAnswer": "test",
          "reminderQueryQuestion": "what-is-your-father's-middle-name",
          "screenName": "test",
          "status": 0,
          "timeZoneId": "UTC",
          "userId": "20155",
          "uuid": "41e1579e-c58e-4012-d02b-4538c760351b"
        }
      ]

      5. Invoke get-user-by-id with the Id of the default user from result #4 (20119)

      "User 20155 must have VIEW permission for com.liferay.portal.kernel.model.User 20119"

      6. Invoke get-contact with the contactId of the default user from result #4 (20120)

      "User 20155 must have VIEW permission for com.liferay.portal.kernel.model.User 20119"

      Expected:

      Omniadmin user should be able to "VIEW" default user using get-user-by-id and get-contact, since it was able to "VIEW" default user using get-company-users
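
The list-versus-get mismatch from steps 4 to 6, written as a repeatable check (an added example, not part of the original report or of Liferay's code). The `fake_*` functions are hypothetical stubs that replay the responses quoted above; the successful result for user 20155 and the shape of a successful response are assumptions.

```python
import re

# Constructed sample: the two users returned in step 4, trimmed to the
# fields this check needs.
COMPANY_USERS = [
    {"userId": "20119", "contactId": "20120", "defaultUser": True},
    {"userId": "20155", "contactId": "20157", "defaultUser": False},
]
# Error text quoted in steps 5 and 6 of the report.
DENIED = ("User 20155 must have VIEW permission for "
          "com.liferay.portal.kernel.model.User 20119")
DENIAL_RE = re.compile(
    r"User (?P<actor>\d+) must have (?P<action>\w+) permission for "
    r"(?P<model>[\w.]+) (?P<pk>\d+)")

def fake_get_user_by_id(user_id):
    """Hypothetical stub for step 5; success for other ids is assumed."""
    return DENIED if user_id == "20119" else {"userId": user_id}

def fake_get_contact(contact_id):
    """Hypothetical stub for step 6; success for other ids is assumed."""
    return DENIED if contact_id == "20120" else {"contactId": contact_id}

def parse_denial(response):
    """Return actor/action/model/pk for a permission denial, else None."""
    if not isinstance(response, str):
        return None
    match = DENIAL_RE.search(response)
    return match.groupdict() if match else None

def list_get_mismatches(listed, getters):
    """Flag records the list call returned but a single-record call denies."""
    findings = []
    for record in listed:
        for endpoint, (id_field, call) in getters.items():
            denial = parse_denial(call(record[id_field]))
            if denial:
                findings.append({"endpoint": endpoint,
                                 "requested": record[id_field],
                                 "defaultUser": record["defaultUser"],
                                 **denial})
    return findings

GETTERS = {
    "get-user-by-id": ("userId", fake_get_user_by_id),
    "get-contact": ("contactId", fake_get_contact),
}

if __name__ == "__main__":
    for finding in list_get_mismatches(COMPANY_USERS, GETTERS):
        print(finding)
```

Both findings name User 20119 as the denied resource, including the get-contact call that requested contact 20120, matching the identical messages in steps 5 and 6.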


                Packages

                Version Package
                7.0.0 DXP FP57
                7.0.0 DXP SP9
                7.0.X
                7.1.10 DXP FP1
                7.1.1 CE GA2
                7.1.10.1 SP1
                7.1.X
                Master