Permissions applied to one node are applied to other nodes too
Gentics Mesh Version, operating system, or hardware.
- v0.27.2
- v0.27.1
Operating System
- MacOSX
JVM
- Oracle JDK 1.8.0_100
Problem
When you set permissions for a role on one node, those permissions are applied to other nodes too.
Reproducer
I created a small test project with a user, a group and a role. Created 3 schemas and one node from each schema. If you change the permission for the role on one of the three nodes, those permissions are applied to the other nodes too. It makes no difference if I use recursive or not. The node structure looks like (all test nodes are on the same level):
folder
|_ node 1 <schema 1>
|_ node 2 <schema 2>
|_ node 3 <schema 3>
I created a small Python script to reproduce the problem:
- Start a clean instance of mesh
- Create a virtual env
- Install the requirements (which are requests only):
pip install -r requirements.txt
- Start the script:
python bug_script.py
- Check the printouts on the console
My example:
Created test schemas.
Created test role.
Created test group and added test role.
Created test user and added it to test group
Created test schema schema_1.
Created test schema schema_2.
Created test schema schema_3.
Create test project.
Created test node schema_1.
Created test node schema_2.
Created test node schema_3.
----------------------------------
Set permissions {'permissions': {'create': False, 'read': False, 'update': False, 'delete': True, 'publish': False, 'readPublished': True}, 'recursive': False} for node schema_1.
Node schema_1 has permissions {'create': False, 'read': False, 'update': False, 'delete': True, 'publish': False, 'readPublished': True}
Node schema_2 has permissions {'create': False, 'read': False, 'update': False, 'delete': True, 'publish': False, 'readPublished': True}
Node schema_3 has permissions {'create': False, 'read': False, 'update': False, 'delete': True, 'publish': False, 'readPublished': True}
---
Set permissions {'permissions': {'create': True, 'read': True, 'update': True, 'delete': True, 'publish': True, 'readPublished': True}, 'recursive': False} for node schema_2.
Node schema_1 has permissions {'create': True, 'read': True, 'update': True, 'delete': True, 'publish': True, 'readPublished': True}
Node schema_2 has permissions {'create': True, 'read': True, 'update': True, 'delete': True, 'publish': True, 'readPublished': True}
Node schema_3 has permissions {'create': True, 'read': True, 'update': True, 'delete': True, 'publish': True, 'readPublished': True}
---
Set permissions {'permissions': {'create': False, 'read': False, 'update': False, 'delete': False, 'publish': False, 'readPublished': False}, 'recursive': False} for node schema_3.
Node schema_1 has permissions {'create': False, 'read': False, 'update': False, 'delete': False, 'publish': False, 'readPublished': False}
Node schema_2 has permissions {'create': False, 'read': False, 'update': False, 'delete': False, 'publish': False, 'readPublished': False}
Node schema_3 has permissions {'create': False, 'read': False, 'update': False, 'delete': False, 'publish': False, 'readPublished': False}
---
Expected behaviour and actual behaviour
I would expect that the permissions of the other nodes will stay untouched, but every permission set is applied to all nodes.
@DevNils
Thanks for the excellent bug report and reproducer. I was able to trace an issue with the path resolving mechanism.
Path that you are using:
- /api/v1/roles/:roleUuid/permissions/:projectName/nodes/:nodeUuid
Using the project name in the path currently results in a process in which the permissions are being set to the project and all nodes of that project. This is a bug and will be fixed.
You can however set the permissions this way:
- /api/v1/roles/:roleUuid/permissions/projects/:projectUuid/nodes/:nodeUuid
I updated your reproducer which includes the needed changes: patch.diff.tar.gz
I'll let you know once the original issue has been resolved.
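A sibling-isolation check for the behaviour discussed in this thread, added here as an example; it is not part of the thread, the reporter's script or the Mesh code base. `get_perms`/`set_perms` are hypothetical wrappers around an HTTP client, and `FakeMesh`, the node names and the UUID strings are constructed stand-ins that model only what the two comments above describe.

```python
# Added example: verify that setting role permissions on one node leaves siblings alone.
NO_PERMS = {"create": False, "read": False, "update": False,
            "delete": False, "publish": False, "readPublished": False}
BASE = "/api/v1/roles/{role}/permissions/"


def by_project_name(role, project_name, node):
    # Path used by the original reproducer (the one affected by the bug).
    return (BASE + "{p}/nodes/{n}").format(role=role, p=project_name, n=node)


def by_project_uuid(role, project_uuid, node):
    # Path suggested in the maintainer's reply.
    return (BASE + "projects/{p}/nodes/{n}").format(role=role, p=project_uuid, n=node)


def bleeding_siblings(get_perms, set_perms, path_for, nodes, target, grant):
    """Set `grant` on `target` only; return the other nodes whose permissions changed."""
    before = {n: get_perms(path_for(n)) for n in nodes}
    set_perms(path_for(target), {"permissions": grant, "recursive": False})
    return sorted(n for n in nodes
                  if n != target and get_perms(path_for(n)) != before[n])


class FakeMesh:
    """Constructed in-memory model: project-name paths hit every node, UUID paths hit one."""

    def __init__(self, nodes):
        self.perms = {n: dict(NO_PERMS) for n in nodes}

    def get(self, path):
        return dict(self.perms[path.rsplit("/", 1)[1]])

    def set(self, path, body):
        scoped = "/permissions/projects/" in path
        hit = [path.rsplit("/", 1)[1]] if scoped else list(self.perms)
        for n in hit:
            self.perms[n] = dict(body["permissions"])


def run(path_builder, project):
    nodes = ["node-1", "node-2", "node-3"]  # constructed sample node UUIDs
    mesh = FakeMesh(nodes)
    grant = dict(NO_PERMS, delete=True, readPublished=True)
    return bleeding_siblings(mesh.get, mesh.set,
                             lambda n: path_builder("role-uuid", project, n),
                             nodes, "node-1", grant)
```

Against a real instance, pass functions that issue the GET and POST requests in place of `mesh.get` and `mesh.set`; a non-empty result means the role gained or lost permissions on nodes that were never targeted.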
Thanks a lot for the hint, this will help to fix our issues.