View Issue Details

IDProjectCategoryView StatusLast Update
0013426Tine 2.0Tinebasepublic2017-09-18 11:22
Reporterlab-at-nohlAssigned Topmehrer 
PrioritynormalSeveritymajorReproducibilityalways
Status resolvedResolutionfixed 
Product Version2017.08.3 Community Edition 
Target Version2017.08.5 Community EditionFixed in Version2017.08.5 Community Edition 
Summary0013426: deleteUser fails partly saying you don't have permission
DescriptionOn deleting a user my installation says: "Sie sind nicht berechtigt, diese Aktion auszuf├╝hren".

The log (additional information) shows: "It is not allowed to delete a contact linked to an user account!"

It seems to me that deleting users is broken but it still works partly.
Steps To ReproduceAnyway, account is removed from Ldap and not shown in admin's list anymore. But you can't create another user with the same name. I guess an ActionQueue job will delete it from database later. But without deleting the account you can't delete the contact meanwhile it seems...

I don't know if account will be removed by ActionQueue finally because I deleted it in Db (didn't realize the ActionQueue before).
Additional Information55189 6b156 admin - 2017-09-10T23:09:32+00:00 DEBUG (7): Tinebase_User_Ldap::_getLdapEntry::677 filter (&(objectclass=posixaccount)(entryuuid=958ba4f6-2ac8-1037-99f7-e53f52d623db))
55189 6b156 admin - 2017-09-10T23:09:32+00:00 DEBUG (7): Tinebase_User_Sql::deleteUserInSqlBackend::1156 Deleting usertest2
55189 6b156 admin - 2017-09-10T23:09:32+00:00 INFO (6): Tinebase_ActionQueue::queueAction::192 Queueing action: 'Tinebase_FOO_User.directDeleteUserInSqlBackend'
55189 6b156 admin - 2017-09-10T23:09:32+00:00 DEBUG (7): Tinebase_ActionQueue_Backend_Redis::send::216 queued job a20774a0471a700fb8e76cb5672cc262f67f519e on queue TinebaseQueueQueue (datastructname: TinebaseQueueData)
55189 6b156 admin - 2017-09-10T23:09:32+00:00 DEBUG (7): Tinebase_Controller_Record_ModlogTrait::_writeModLog::71 Writing modlog for Tinebase_Model_FullUser
55189 6b156 admin - 2017-09-10T23:09:32+00:00 INFO (6): Tinebase_User_Ldap::deleteUserInSyncBackend::618 delete user uid=test2,ou=people,ou=tine20,dc=server,dc=de from sync backend (LDAP)
55189 6b156 admin - 2017-09-10T23:09:32+00:00 INFO (6): Tinebase_Controller_Record_Abstract::delete::1487 Deleting 1 of Addressbook_Model_Contact records ...
55189 6b156 admin - 2017-09-10T23:09:32+00:00 DEBUG (7): Tinebase_FileSystem_RecordAttachments::getRecordAttachments::65 Fetching attachments of Addressbook_Model_Contact record with id dcb319671c75fdde5ca0eee7c78c9d80eee33f04 ...
55189 6b156 admin - 2017-09-10T23:09:32+00:00 ERR (3): Tinebase_Controller_Record_Abstract::delete::1521 It is not allowed to delete a contact linked to an user account!
55189 6b156 admin - 2017-09-10T23:09:32+00:00 WARN (4): Tinebase_Server_Json::_handleException::368 Addressbook_Exception_AccessDenied -> It is not allowed to delete a contact linked to an user account!
55189 6b156 admin - 2017-09-10T23:09:32+00:00 ERR (3): Tinebase_Exception::log::104 Addressbook_Exception_AccessDenied -> It is not allowed to delete a contact linked to an user account!
55189 6b156 admin - 2017-09-10T23:09:32+00:00 INFO (6): index.php (25) METHOD: Tinebase_Server_Json::Admin.deleteUsers / TIME: 195ms / Memory usage: 6 MB / Real patch cache size: 106329 / PID: 9727
TagsNo tags attached.
mwticket

Activities

pmehrer

pmehrer

2017-09-12 12:23

developer   ~0020674

http://gerrit.tine20.com/customers/5639
pmehrer

pmehrer

2017-09-12 12:50

developer   ~0020676

Thank you for reporting this issue. We have fixed it.

you can resolve it by removing the complete method body of \Addressbook_Controller_Contact::inspectDeleteUser in the file Addressbook/Controller/Contact.php ~ line 1111

/**
     * delete user by id
     *
     * @param Tinebase_Model_FullUser $_user
     */
    public function inspectDeleteUser(Tinebase_Model_FullUser $_user)
    {
        // this will be handled in \Addressbook_Controller::_handleEvent
    }

one comment on your Redis ActionQueue: is it working properly? If setup correctly it does, but it needs proper setup. So if you are unsure if it is setup correctly, it may not be so. In doubt don't use it. It is a rather advanced feature. Of course you are very welcome to use it if it works for you.

Issue History

Date Modified Username Field Change
2017-09-11 01:46 lab-at-nohl New Issue
2017-09-11 09:04 pschuele Assigned To => pmehrer
2017-09-12 12:23 pmehrer Status new => gerrit
2017-09-12 12:23 pmehrer Note Added: 0020674
2017-09-12 12:50 pmehrer Status gerrit => resolved
2017-09-12 12:50 pmehrer Resolution open => fixed
2017-09-12 12:50 pmehrer Note Added: 0020676
2017-09-18 11:21 pschuele Fixed in Version => 2017.08.4 Community Edition
2017-09-18 11:21 pschuele Target Version => 2017.08.5 Community Edition
2017-09-18 11:22 pschuele Fixed in Version 2017.08.4 Community Edition => 2017.08.5 Community Edition