AnsweredAssumed Answered

Bug or security policy?

Question asked by aleks_sh on Jul 23, 2009
Latest reply on Nov 24, 2011 by aleks_sh
Hi, All

I have a problem, but don't understand it.
User1 and User2 have Contributor role.
At Discussion section  - if User1 is creating message, User2 is able to add comment to it.
But at Blog section - If User2 is creating message, User2 unable to add comment - Access Denied.
At alfresco.log I see:

11:41:44,459 ERROR [org.alfresco.web.scripts.AbstractRuntime] Exception from executeScript - redirecting to status template error: 06230076 Wrapped Exception (with status template): 06230075 Failed to execute script '/org/alfresco/repository/comments/comments.post.json.js (in classpath store file:/opt/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/templates/webscripts)': 06230074  Access Denied.You do not have the appropriate permissions to perform this operation.
org.alfresco.web.scripts.WebScriptException: 06230076 Wrapped Exception (with status template): 06230075 Failed to execute script '/org/alfresco/repository/comments/comments.post.json.js (in classpath store file:/opt/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/templates/webscripts)': 06230074 Access Denied.You do not have the appropriate permissions to perform this operation.
at org.alfresco.web.scripts.AbstractWebScript.createStatusException(AbstractWebScript.java:613)
at org.alfresco.web.scripts.DeclarativeWebScript.execute(DeclarativeWebScript.java:165)
at org.alfresco.repo.web.scripts.RepositoryContainer$2.execute(RepositoryContainer.java:357)
at org.alfresco.repo.transaction.RetryingTransactionHelper.doInTransaction(RetryingTransactionHelper.java:326)
at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecute(RepositoryContainer.java:407)
at org.alfresco.repo.web.scripts.RepositoryContainer.transactionedExecuteAs(RepositoryContainer.java:424)
at org.alfresco.repo.web.scripts.RepositoryContainer.executeScript(RepositoryContainer.java:288)
at org.alfresco.web.scripts.AbstractRuntime.executeScript(AbstractRuntime.java:262)
at org.alfresco.web.scripts.AbstractRuntime.executeScript(AbstractRuntime.java:139)
at org.alfresco.web.scripts.servlet.WebScriptServlet.service(WebScriptServlet.java:122)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)
Caused by: org.alfresco.scripts.ScriptException: 06230075 Failed to execute script '/org/alfresco/repository/comments/comments.post.json.js (in classpath store file:/opt/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/templates/webscripts)': 06230074  Access Denied.You do not have the appropriate permissions to perform this operation.
at org.alfresco.repo.jscript.RhinoScriptProcessor.execute(RhinoScriptProcessor.java:178)
at org.alfresco.repo.processor.ScriptServiceImpl.executeScript(ScriptServiceImpl.java:274)
at org.alfresco.repo.web.scripts.RepositoryScriptProcessor.executeScript(RepositoryScriptProcessor.java:108)
at org.alfresco.web.scripts.AbstractWebScript.executeScript(AbstractWebScript.java:819)
at org.alfresco.web.scripts.DeclarativeWebScript.execute(DeclarativeWebScript.java:90)
… 21 more
Caused by: org.alfresco.repo.security.permissions.AccessDeniedException: 06230074 Access Denied.You do not have the appropriate permissions to perform this operation.
at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:53)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.alfresco.repo.audit.AuditComponentImpl.audit(AuditComponentImpl.java:275)
at org.alfresco.repo.audit.AuditMethodInterceptor.invoke(AuditMethodInterceptor.java:69)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy9.addAspect(Unknown Source)
at org.alfresco.repo.jscript.ScriptNode.addAspect(ScriptNode.java:1501)
at org.alfresco.repo.jscript.ScriptNode.addAspect(ScriptNode.java:1478)
at sun.reflect.GeneratedMethodAccessor2248.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:155)
at org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:243)
at org.mozilla.javascript.optimizer.OptRuntime.call1(OptRuntime.java:66)
at org.mozilla.javascript.gen.c51._c8(file:/opt/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/templates/webscripts/org/alfresco/repository/comments/comments.post.json.js:179)
at org.mozilla.javascript.gen.c51.call(file:/opt/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/templates/webscripts/org/alfresco/repository/comments/comments.post.json.js)
at org.mozilla.javascript.optimizer.OptRuntime.callName(OptRuntime.java:97)
at org.mozilla.javascript.gen.c51._c11(file:/opt/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/templates/webscripts/org/alfresco/repository/comments/comments.post.json.js:222)
at org.mozilla.javascript.gen.c51.call(file:/opt/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/templates/webscripts/org/alfresco/repository/comments/comments.post.json.js)
at org.mozilla.javascript.optimizer.OptRuntime.callName(OptRuntime.java:97)
at org.mozilla.javascript.gen.c51._c12(file:/opt/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/templates/webscripts/org/alfresco/repository/comments/comments.post.json.js:246)
at org.mozilla.javascript.gen.c51.call(file:/opt/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/templates/webscripts/org/alfresco/repository/comments/comments.post.json.js)
at org.mozilla.javascript.optimizer.OptRuntime.callName0(OptRuntime.java:108)
at org.mozilla.javascript.gen.c51._c0(file:/opt/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/templates/webscripts/org/alfresco/repository/comments/comments.post.json.js:266)
at org.mozilla.javascript.gen.c51.call(file:/opt/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/templates/webscripts/org/alfresco/repository/comments/comments.post.json.js)
at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:393)
at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:2834)
at org.mozilla.javascript.gen.c51.call(file:/opt/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/templates/webscripts/org/alfresco/repository/comments/comments.post.json.js)
at org.mozilla.javascript.gen.c51.exec(file:/opt/Alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/templates/webscripts/org/alfresco/repository/comments/comments.post.json.js)
at org.alfresco.repo.jscript.RhinoScriptProcessor.executeScriptImpl(RhinoScriptProcessor.java:449)
at org.alfresco.repo.jscript.RhinoScriptProcessor.execute(RhinoScriptProcessor.java:174)
… 25 more
Caused by: net.sf.acegisecurity.AccessDeniedException: Access is denied.
at net.sf.acegisecurity.vote.AffirmativeBased.decide(AffirmativeBased.java:86)
at net.sf.acegisecurity.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:394)
at net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:77)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.alfresco.repo.security.permissions.impl.ExceptionTranslatorMethodInterceptor.invoke(ExceptionTranslatorMethodInterceptor.java:49)
… 58 more


Please explain me sense of Roles:
Consumer - can read only. Ok
Contributor - can create nodes, and manage it. Hе can't change,delete nodes created by other users. But I can't understand why he can't add comments to Blog created by other users.
Collaborator  - can change anything, but can't delete nodes, created by other users.
Manager - can everything

Sorry for my poor english.
Thanks for any answer.

Outcomes