Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-83613

Omniadmin user is unable to invoke get-user-by-id and get-contact for default user

    XMLWordPrintable

    Details

      Description

      We're running into this exception (403 Forbidden) when trying to invoke get-company-users and then get-contact for each returned user.

      2018-07-19 21:52:33.023  INFO 54 --- [Timer-0] c.l.o.a.d.e.dog.impl.UserDogImpl : Body: {"$user = /user/get-company-users":{"companyId":20115,"start":0,"end":500,"$contact = /contact/get-contact":{"@contactId":"$user.contactId"}}}
2018-07-19 21:52:33.439 ERROR 54 --- [Timer-0] .a.d.e.b.OSBAsahDXPExtractorBotTimerTask : org.springframework.web.client.HttpClientErrorException: 403 Forbidden
org.springframework.web.client.HttpClientErrorException: 403 Forbidden
    at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:63) ~[spring-web-4.3.11.RELEASE.jar:4.3.11.RELEASE]
    at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:700) ~[spring-web-4.3.11.RELEASE.jar:4.3.11.RELEASE]
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:653) ~[spring-web-4.3.11.RELEASE.jar:4.3.11.RELEASE]
    at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:613) ~[spring-web-4.3.11.RELEASE.jar:4.3.11.RELEASE]
    at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:531) ~[spring-web-4.3.11.RELEASE.jar:4.3.11.RELEASE]
    at com.liferay.osb.asah.dxp.extractor.spring.http.HttpUtil.get(HttpUtil.java:67) ~[main/:na]
    at com.liferay.osb.asah.dxp.extractor.client.impl.DXPClientImpl._get(DXPClientImpl.java:83) ~[main/:na]
    at com.liferay.osb.asah.dxp.extractor.client.impl.DXPClientImpl.getJSONArray(DXPClientImpl.java:44) ~[main/:na]
    at com.liferay.osb.asah.dxp.extractor.dog.impl.UserDogImpl.getCompanyUsersJSONArray(UserDogImpl.java:58) ~[main/:na]
    at com.liferay.osb.asah.dxp.extractor.bot.OSBAsahDXPExtractorBot$4.paginate(OSBAsahDXPExtractorBot.java:301) ~[main/:na]
    at com.liferay.osb.asah.common.json.JSONArrayPaginator.<init>(JSONArrayPaginator.java:37) ~[com.liferay.osb.asah.common-1.0.0-20180712.210807-37.jar:na]
    at com.liferay.osb.asah.common.json.JSONArrayPaginator.<init>(JSONArrayPaginator.java:25) ~[com.liferay.osb.asah.common-1.0.0-20180712.210807-37.jar:na]
    at com.liferay.osb.asah.dxp.extractor.bot.OSBAsahDXPExtractorBot$4.<init>(OSBAsahDXPExtractorBot.java:295) ~[main/:na]
    at com.liferay.osb.asah.dxp.extractor.bot.OSBAsahDXPExtractorBot.populateUsers(OSBAsahDXPExtractorBot.java:295) ~[main/:na]
    at com.liferay.osb.asah.dxp.extractor.bot.OSBAsahDXPExtractorBot.populateCompanies(OSBAsahDXPExtractorBot.java:161) ~[main/:na]
    at com.liferay.osb.asah.dxp.extractor.bot.OSBAsahDXPExtractorBot.populate(OSBAsahDXPExtractorBot.java:133) ~[main/:na]
    at com.liferay.osb.asah.dxp.extractor.bot.OSBAsahDXPExtractorBot.run(OSBAsahDXPExtractorBot.java:79) ~[main/:na]
    at com.liferay.osb.asah.dxp.extractor.bot.OSBAsahDXPExtractorBotTimerTask._run(OSBAsahDXPExtractorBotTimerTask.java:143) ~[main/:na]
    at com.liferay.osb.asah.dxp.extractor.bot.OSBAsahDXPExtractorBotTimerTask.run(OSBAsahDXPExtractorBotTimerTask.java:62) ~[main/:na]
    at java.util.TimerThread.mainLoop(Timer.java:555) [na:1.8.0_171]
    at java.util.TimerThread.run(Timer.java:505) [na:1.8.0_171]  

      We figured that omniuser doesn't have permission to VIEW default user.

      We confirmed with these steps:
      1. Spin up a fresh DXP instance
      2. Log in with omniadmin user [email protected]
      3. Through /api/jsonws, invoke get-companies to get companyId

      [
  {
    "accountId": "20117",
    "active": true,
    "companyId": "20115",
    "homeURL": "",
    "key": "/Y4qoMyBD164al+vwqY9LA==",
    "logoId": "0",
    "maxUsers": 0,
    "mvccVersion": "1",
    "mx": "liferay.com",
    "system": false,
    "webId": "liferay.com"
  }
]

      4. Invoke get-company-users with companyId from result above (20115) (start -1, end -1)

      [
  {
    "agreedToTermsOfUse": true,
    "comments": "",
    "companyId": "20115",
    "contactId": "20120",
    "createDate": 1532021961711,
    "defaultUser": true,
    "emailAddress": "",
    "emailAddressVerified": false,
    "facebookId": "0",
    "failedLoginAttempts": 0,
    "firstName": "",
    "googleUserId": "",
    "graceLoginCount": 0,
    "greeting": "Welcome!",
    "jobTitle": "",
    "languageId": "en_US",
    "lastFailedLoginDate": null,
    "lastLoginDate": null,
    "lastLoginIP": "",
    "lastName": "",
    "ldapServerId": "0",
    "lockout": false,
    "lockoutDate": null,
    "loginDate": 1532021961407,
    "loginIP": "",
    "middleName": "",
    "modifiedDate": 1532022110986,
    "mvccVersion": "2",
    "openId": "",
    "portraitId": "0",
    "reminderQueryAnswer": "",
    "reminderQueryQuestion": "",
    "screenName": "20119",
    "status": 0,
    "timeZoneId": "UTC",
    "userId": "20119",
    "uuid": "63fd8e01-5c28-5398-45ed-bb4b37d4e8a0"
  },
  {
    "agreedToTermsOfUse": true,
    "comments": "",
    "companyId": "20115",
    "contactId": "20157",
    "createDate": 1532021963255,
    "defaultUser": false,
    "emailAddress": "[email protected]",
    "emailAddressVerified": true,
    "facebookId": "0",
    "failedLoginAttempts": 0,
    "firstName": "Test",
    "googleUserId": "",
    "graceLoginCount": 0,
    "greeting": "Welcome Test Test!",
    "jobTitle": "",
    "languageId": "en_US",
    "lastFailedLoginDate": null,
    "lastLoginDate": 1532022616837,
    "lastLoginIP": "10.255.0.13",
    "lastName": "Test",
    "ldapServerId": "-1",
    "lockout": false,
    "lockoutDate": null,
    "loginDate": 1532037295748,
    "loginIP": "10.255.0.13",
    "middleName": "",
    "modifiedDate": 1532037295748,
    "mvccVersion": "9",
    "openId": "",
    "portraitId": "0",
    "reminderQueryAnswer": "test",
    "reminderQueryQuestion": "what-is-your-father's-middle-name",
    "screenName": "test",
    "status": 0,
    "timeZoneId": "UTC",
    "userId": "20155",
    "uuid": "41e1579e-c58e-4012-d02b-4538c760351b"
  }
]

      5. Invoke get-user-by-id with the Id of the default user from result #4 (20119)

      "User 20155 must have VIEW permission for com.liferay.portal.kernel.model.User 20119"

      6. Invoke get-contact with the contactId of the default user from result #4 (20120)

      "User 20155 must have VIEW permission for com.liferay.portal.kernel.model.User 20119"

      Expected:

      Omniadmin user should be able to "VIEW" default user using get-user-by-id and get-contact, since it was able to "VIEW" default user using get-company-users

        Attachments

          Activity

            People

            Assignee:
            brian.chan Brian Chan
            Reporter:
            rachael.koestartyo Rachael Koestartyo
            Participants of an Issue:
            Recent user:
            Csaba Turcsan
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Days since last comment:
              3 years, 13 weeks, 4 days ago

                Packages

                Version Package
                7.0.0 DXP FP57
                7.0.0 DXP SP9
                7.0.X
                7.1.10 DXP FP1
                7.1.1 CE GA2
                7.1.10.1 SP1
                7.1.X
                Master