  1. Sakai
  2. SAK-38886

Authz regression for Delegated Access where users don't have permission to site

    Details

    • Type: Bug
    • Status: CLOSED
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 11.2, 12.0
    • Fix Version/s: 11.2, 12.0
    • Component/s: Kernel
    • Labels:
    • 11 status:
      Verified
    • Previous Issue Keys:
      KNL-1479
    • Test Plan:
      Use the Delegated Access tool to give access to a user, then log in as that user and access the site.

      Success would be that the user sees the site; failure would be that the user gets "site not available".


      Description

      KNL-1447 introduced a regression where authz service isAllowed() returns false when checking delegated access.

      Original query

      select count(1) from SAKAI_REALM_RL_FN MAINTABLE
              JOIN SAKAI_REALM_ROLE ROLE ON ROLE.ROLE_KEY = MAINTABLE.ROLE_KEY
              JOIN SAKAI_REALM_FUNCTION FUNCTIONS ON FUNCTIONS.FUNCTION_KEY = MAINTABLE.FUNCTION_KEY
              JOIN SAKAI_REALM REALM ON REALM.REALM_KEY = MAINTABLE.REALM_KEY
              where ROLE.ROLE_NAME = 'Instructor'
                      AND FUNCTIONS.FUNCTION_NAME = 'site.visit'
                      AND REALM.REALM_ID = '!site.template.course';
      

      returns 1

      Where the updated query from KNL-1447

      select count(1) from SAKAI_REALM_RL_FN MAINTABLE
              JOIN SAKAI_REALM_ROLE ROLE ON ROLE.ROLE_KEY = MAINTABLE.ROLE_KEY
              JOIN SAKAI_REALM_FUNCTION FUNCTIONS ON FUNCTIONS.FUNCTION_KEY = MAINTABLE.FUNCTION_KEY
              JOIN SAKAI_REALM REALM ON REALM.REALM_KEY = MAINTABLE.REALM_KEY
              where ROLE.ROLE_NAME = 'Instructor'
                      AND FUNCTIONS.FUNCTION_NAME = 'site.visit'
                      AND REALM.REALM_KEY in (select REALM_KEY from SAKAI_REALM where SAKAI_REALM.REALM_ID IN ('!site.template.course'))
                      AND MAINTABLE.REALM_KEY in (select REALM_KEY from SAKAI_REALM_RL_GR where ACTIVE = '1' and USER_ID = 'd9adb840-b89d-4df4-b378-d3d8cd3d2ba6');
      

      returns 0
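
The two queries above can be replayed against an in-memory SQLite database to isolate which added condition drops the count to 0. This is an added example, not Sakai code: the minimal schema and rows are constructed, and it assumes the delegated-access user has no active SAKAI_REALM_RL_GR row for `!site.template.course`.

```python
import sqlite3

USER = "d9adb840-b89d-4df4-b378-d3d8cd3d2ba6"  # user id quoted in the issue
# Constructed minimal schema and rows: only the columns the two queries touch.
SCHEMA = """
CREATE TABLE SAKAI_REALM (REALM_KEY INTEGER PRIMARY KEY, REALM_ID TEXT);
CREATE TABLE SAKAI_REALM_ROLE (ROLE_KEY INTEGER PRIMARY KEY, ROLE_NAME TEXT);
CREATE TABLE SAKAI_REALM_FUNCTION (FUNCTION_KEY INTEGER PRIMARY KEY, FUNCTION_NAME TEXT);
CREATE TABLE SAKAI_REALM_RL_FN (REALM_KEY INTEGER, ROLE_KEY INTEGER, FUNCTION_KEY INTEGER);
CREATE TABLE SAKAI_REALM_RL_GR (REALM_KEY INTEGER, USER_ID TEXT, ROLE_KEY INTEGER, ACTIVE TEXT);
INSERT INTO SAKAI_REALM VALUES (1, '!site.template.course');
INSERT INTO SAKAI_REALM_ROLE VALUES (1, 'Instructor');
INSERT INTO SAKAI_REALM_FUNCTION VALUES (1, 'site.visit');
INSERT INTO SAKAI_REALM_RL_FN VALUES (1, 1, 1);  -- Instructor may site.visit in the template
"""
JOINS = """
select count(1) from SAKAI_REALM_RL_FN MAINTABLE
  JOIN SAKAI_REALM_ROLE ROLE ON ROLE.ROLE_KEY = MAINTABLE.ROLE_KEY
  JOIN SAKAI_REALM_FUNCTION FUNCTIONS ON FUNCTIONS.FUNCTION_KEY = MAINTABLE.FUNCTION_KEY
  JOIN SAKAI_REALM REALM ON REALM.REALM_KEY = MAINTABLE.REALM_KEY
  where ROLE.ROLE_NAME = ? AND FUNCTIONS.FUNCTION_NAME = ?
"""
ORIGINAL = JOINS + " AND REALM.REALM_ID = ?"
UPDATED = JOINS + """
  AND REALM.REALM_KEY in (select REALM_KEY from SAKAI_REALM where SAKAI_REALM.REALM_ID IN (?))
  AND MAINTABLE.REALM_KEY in (select REALM_KEY from SAKAI_REALM_RL_GR
                              where ACTIVE = '1' and USER_ID = ?)
"""

def count(db, query, *params):
    return db.execute(query, params).fetchone()[0]

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    check = ("Instructor", "site.visit", "!site.template.course")
    before = count(db, ORIGINAL, *check)
    # Delegated user: access comes from the Delegated Access tool, so there is
    # no SAKAI_REALM_RL_GR row for this user in the template realm (assumption).
    after = count(db, UPDATED, *check, USER)
    # Control: an active grant row in that realm makes the updated query match.
    db.execute("INSERT INTO SAKAI_REALM_RL_GR VALUES (1, ?, 1, '1')", (USER,))
    member = count(db, UPDATED, *check, USER)
    return before, after, member

if __name__ == "__main__":
    print(demo())  # (1, 0, 1)
```

The control case shows that the REALM_KEY subquery on SAKAI_REALM is equivalent to the original REALM_ID filter; only the per-user SAKAI_REALM_RL_GR membership condition changes the result.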

                  People

                  • Assignee:
                    k1team KERNEL TEAM (Inactive)
                    Reporter:
                    ern Earle R Nietzel