Non owner user cannot change Entity Access for feed even if allowed to

Description

Getting following error while trying to Entity Access for a feed.
Steps to reproduce:
1. Create feed with Admin
2. Add feed, category, template access to Analyst.
3. Add feed edit and admin access to Analyst.
3a (tried with this too) - Add edit and admin permissions on category and template
3b (tried with this too) - Add admin entity permissions on category
4. Login with Analyst
5. Try to change Entity Access for the feed
6. Getting error in UI and cannot proceed to finish changing Entity Access
7. Getting following error in services log
8. Cancel Entity Access dialog
9. Reopen Entity Access and notice that Entity permissions may have changed, doesn't happen for all permissions or all the time, didn't figure it out

2017-05-18 11:22:42.867 ERROR http-nio-8420-exec-3:ThrowableMapper:43 - toResponse() caught throwable
com.thinkbiganalytics.metadata.modeshape.MetadataRepositoryException: javax.jcr.AccessDeniedException: Permission denied to perform actions "read access control content" on path /metadata/feeds/entity_access_tests/tba:details/feed a/tba:allowedActions/accessFeed/changeFeedPermissions
at com.thinkbiganalytics.metadata.modeshape.security.JcrAccessControlUtil.removePermissions(JcrAccessControlUtil.java:304)
at com.thinkbiganalytics.metadata.modeshape.security.JcrAccessControlUtil.removeRecursivePermissions(JcrAccessControlUtil.java:447)
at com.thinkbiganalytics.metadata.modeshape.security.JcrAccessControlUtil.removeRecursivePermissions(JcrAccessControlUtil.java:428)
at com.thinkbiganalytics.metadata.modeshape.security.action.JcrAllowedActions.lambda$togglePermission$6(JcrAllowedActions.java:285)
at java.util.Optional.map(Optional.java:215)
at com.thinkbiganalytics.metadata.modeshape.security.action.JcrAllowedActions.togglePermission(JcrAllowedActions.java:281)
at com.thinkbiganalytics.metadata.modeshape.security.action.JcrAllowedActions.togglePermission(JcrAllowedActions.java:273)
at com.thinkbiganalytics.metadata.modeshape.security.action.JcrAllowedActions.disable(JcrAllowedActions.java:158)
at com.thinkbiganalytics.metadata.modeshape.feed.security.JcrFeedAllowedActions.disable(JcrFeedAllowedActions.java:87)
at com.thinkbiganalytics.metadata.modeshape.security.action.JcrAllowedActions.disable(JcrAllowedActions.java:150)
at com.thinkbiganalytics.metadata.modeshape.security.role.JcrRoleMembership.lambda$disable$18(JcrRoleMembership.java:188)
at java.util.stream.ForEachOps$ForEachOp$OfRef.accept(ForEachOps.java:184)
at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:175)
at java.util.stream.Streams$StreamBuilderImpl.forEachRemaining(Streams.java:419)
at java.util.stream.Streams$ConcatSpliterator.forEachRemaining(Streams.java:742)
at java.util.stream.ReferencePipeline$Head.forEach(ReferencePipeline.java:580)
at java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:270)
at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1374)
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
at java.util.stream.StreamSpliterators$WrappingSpliterator.forEachRemaining(StreamSpliterators.java:312)
at java.util.stream.Streams$ConcatSpliterator.forEachRemaining(Streams.java:743)
at java.util.stream.ReferencePipeline$Head.forEach(ReferencePipeline.java:580)
at java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:270)
at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1374)
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:481)
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:471)
at java.util.stream.ForEachOps$ForEachOp.evaluateSequential(ForEachOps.java:151)
at java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(ForEachOps.java:174)
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.util.stream.ReferencePipeline.forEach(ReferencePipeline.java:418)
at com.thinkbiganalytics.metadata.modeshape.security.role.JcrRoleMembership.disable(JcrRoleMembership.java:188)
at com.thinkbiganalytics.metadata.modeshape.security.role.JcrRoleMembership.removeMember(JcrRoleMembership.java:140)
at com.thinkbiganalytics.metadata.modeshape.security.role.JcrRoleMembership.lambda$removeAllMembers$19(JcrRoleMembership.java:198)
at java.util.HashMap$KeySpliterator.forEachRemaining(HashMap.java:1548)
at java.util.stream.ReferencePipeline$Head.forEach(ReferencePipeline.java:580)
at com.thinkbiganalytics.metadata.modeshape.security.role.JcrRoleMembership.removeAllMembers(JcrRoleMembership.java:193)
at com.thinkbiganalytics.feedmgr.service.security.DefaultSecurityService.lambda$null$43(DefaultSecurityService.java:392)
at java.util.Optional.map(Optional.java:215)
at com.thinkbiganalytics.feedmgr.service.security.DefaultSecurityService.lambda$changeRoleMemberships$44(DefaultSecurityService.java:381)
at com.thinkbiganalytics.metadata.persistence.AggregateMetadataAccess.lambda$null$4(AggregateMetadataAccess.java:126)
at com.thinkbiganalytics.metadata.config.OperationalMetadataTransactionTemplateMetadataAccess$2.doInTransaction(OperationalMetadataTransactionTemplateMetadataAccess.java:187)
at org.springframework.transaction.support.TransactionTemplate.execute(TransactionTemplate.java:133)
at com.thinkbiganalytics.metadata.config.OperationalMetadataTransactionTemplateMetadataAccess.commit(OperationalMetadataTransactionTemplateMetadataAccess.java:137)
at com.thinkbiganalytics.metadata.config.OperationalMetadataTransactionTemplateMetadataAccess.commit(OperationalMetadataTransactionTemplateMetadataAccess.java:69)
at com.thinkbiganalytics.metadata.persistence.AggregateMetadataAccess.lambda$wrap$5(AggregateMetadataAccess.java:126)
at com.thinkbiganalytics.metadata.modeshape.JcrMetadataAccess.execute(JcrMetadataAccess.java:378)
at com.thinkbiganalytics.metadata.modeshape.JcrMetadataAccess.commit(JcrMetadataAccess.java:240)
at com.thinkbiganalytics.metadata.modeshape.JcrMetadataAccess.commit(JcrMetadataAccess.java:224)
at com.thinkbiganalytics.metadata.modeshape.JcrMetadataAccess.commit(JcrMetadataAccess.java:189)
at com.thinkbiganalytics.metadata.persistence.AggregateMetadataAccess.commit(AggregateMetadataAccess.java:54)
at com.thinkbiganalytics.feedmgr.service.security.DefaultSecurityService.changeRoleMemberships(DefaultSecurityService.java:380)
at com.thinkbiganalytics.feedmgr.service.security.DefaultSecurityService.changeFeedRoleMemberships(DefaultSecurityService.java:120)
at com.thinkbiganalytics.feedmgr.rest.controller.FeedRestController.postPermissionsChange(FeedRestController.java:594)
at sun.reflect.GeneratedMethodAccessor1380.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at

Environment

None

Activity

Show:
RuslansU
May 18, 2017, 10:59 AM
Done

Assignee

Sean Felten

Reporter

RuslansU

Labels

None

Reviewer

None

Story point estimate

None

Epic Link

Sprint

None

Fix versions

Priority

Medium