Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 341536

Summary:	Migrating to new workspace takes away the admin user's super powers
Product:	[ECD] Orion	Reporter:	Mark Macdonald <mamacdon>
Component:	Client	Assignee:	John Arthorne <john.arthorne>
Status:	RESOLVED FIXED	QA Contact:
Severity:	normal
Priority:	P3	CC:	denis.roy, john.arthorne
Version:	0.2
Target Milestone:	0.2
Hardware:	PC
OS:	Windows 7
Whiteboard:

Description Mark Macdonald

2011-03-31 15:23:50 EDT

Orion 0.2M6

1. Launch the Orion server with a new workspace, like this:
 -data workspace
 -vmargs -Dorion.storage.admin.default.password=mypassword
2. Log in as admin/mypassword. Go to /manage-users.html. Everything works OK.
3. Quit the server. Follow the instructions at [1] to migrate account names to a new workspace "workspace2"
4. Launch the server with 
 -data workspace2
5. Log in as admin/mypassword. Go to /manage-users.html and you'll get a 403.

The admin user's permissions were in the Users.prefs file from the old workspace. We didn't migrate that file, and the server never creates the admin user again (since it already exists in the migrated securestorage). So admin never regains access to the manage-users page.


[1] http://wiki.eclipse.org/Orion/Server_admin_guide#Creating_an_admin_user

Comment 1 John Arthorne

2011-03-31 15:38:04 EDT

I had this problem when migrating orion.eclipse.org, but used the admin's secret "vi" super power to add my super powers back.

There is a fairly trivial fix in SecureStorageCredentialsService#initStorage. Simply remove the "add admin rights" from the if block. I considered doing this for M6 when I hit the problem, but decided it was too late and a manual fix of the access rights was easier.

Comment 2 John Arthorne

2011-03-31 15:44:24 EDT

(In reply to comment #1)
> There is a fairly trivial fix in SecureStorageCredentialsService#initStorage.
> Simply remove the "add admin rights" from the if block. I considered doing this
> for M6 when I hit the problem, but decided it was too late and a manual fix of
> the access rights was easier.

This is probably obvious, but by "remove from if block" I meant "move after the if block".

Comment 3 John Arthorne

2011-04-29 09:59:26 EDT

I'm going to release this fix because it otherwise adds a painful step to server migration on orionhub.org

Comment 4 John Arthorne

2011-04-29 10:06:52 EDT

http://git.eclipse.org/c/e4/org.eclipse.orion.server.git/commit/?id=af38757e359a76f613402456141f827bbddd9f67