Auth bug when saving/publishing site.xml config values

I believe I’ve encountered something that feels like a system bug. It’s tested on several systems, and I get the same behaviour.

In a site with site settings from form config in site.xml, I’m unable to publish settings changes make in content studio unless I have a direct role of sysadmin/cms admin. (I’m trying to publish the changes being admin through a group belonging to the admin role.)

I get the following error.
User [user:system:test] is required to have at least one of the following roles [role:system.admin, role:cms.admin]

How to recreate:

  • Fresh XP installation
  • Add i.e. the Superhero app (or any app that has site settings).
  • Add a user, i.e. /system/user/test, and a group i.e. /system/groups/sysadmins
  • Add the user to the sysadmins group
  • Add the sysadmins group to the roles system.admin and -.login roles.

Now you have a new superuser that should be able to perform all operations. All is well so far.

  • Log in with the new user (you are now admin through the sysadmins group that has the admin role)
  • Edit the (/superhero) root site item
  • Open application settings (the pencil)
  • Edit any item and apply
  • Try to save or publish the root item. Bang. You are told you need admin privileges.

To work around the problem, you can add the test user directly to the admin role, instead of via a group. But you shouldn’t have to.

2 Likes

This is a known bug. We have fixed the problem, and the fix will be available in the next release: version 6.10
The workaround for now is what you described.
Thanks for reporting it.

3 Likes

Nice detailed report there @nerdegutt

1 Like

While I have your attention @aro and @tsi: I have another bug that is somewhat more problematic. It’s more complex to reproduce, so I just ask you here.

Do you know of a bug with the ImageSelector tool if it’s inside an option-set? It causes a javascript error when clicking the upload icon, and the file dialog doesn’t show. Workaround is to reload the page. It works the first time… Same problem if I use it in a part config or in content config.

If you know about it already it’ll save me half an hour reproducing and reporting it…

New to me at least? @Alan anything you know about?

Yes, I believe this is the same bug @rfo reported yesterday. We are verifying it now, will register as an issue after it’s confirmed.

@nerdegutt We have registered a bug in our system: https://github.com/enonic/xp/issues/4813. The fix will most likely be a part of the upcoming 6.10 release.

1 Like