Send Email sub-action doesn't set the current user to $dotcontent viewtool #28352

Closed
dsolistorres opened this issue Apr 24, 2024 · 1 comment · Fixed by #28373

Comments

@dsolistorres
Contributor

dsolistorres commented Apr 24, 2024

Parent Issue

No response

Problem Statement

Users can include velocity code in the body field for the Send Email actionlet so the workflow action executes the velocity code to build the email body. However, the $dotcontent viewtool methods are executed with the 'anonymous' user instead of the current user that executed the workflow action, so the $dotcontent.find() method cannot retrieve the current contentlet. This only happens if the current contentlet is not public, meaning that the anonymous user doesn't have permissions to access the content.

Steps to Reproduce

  1. Create a new workflow scheme and add the 'Send email' actionlet in a workflow action (or just include the 'Send email' actionlet in an already existing scheme).
  2. Include the following velocity code in the Email body field for the 'Send email' actionlet:
     $dotcontent.find($content.identifier)
  3. Create a new contentlet and make sure that there are no read permissions for the anonymous user for the content.
  4. Execute the workflow action that includes the 'Send email' actionlet for the contentlet created in the previous step.
  5. The $dotcontent.find() method doesn't return the current content and the following warning message is shown in the log:
[24/04/24 14:19:48:569 CST]  WARN util.ContentUtils: An error occurred when User 'anonymous' attempted to find Contentlet with Inode/ID '25ee651e-b714-4fc7-a464-cf45d1e893c0' [lang=1, tmDate=null]: User 'anonymous' does not have READ permissions on Contentlet [name: Article 1, type: Article, lang: 1, identifier: 52aad5d9f76fb0eab5dad3c314944b72, inode: 25ee651e-b714-4fc7-a464-cf45d1e893c0] @ url:POST//default/dwr/call/plaincall/BrowserAjax.saveFileAction.dwr | lang:1 | ip:0:0:0:0:0:0:0:1 | Admin:true | start:04-24-2024 02:19:38 CST  ref:https://localhost:8443/c/portal/layout?p_l_id=71b8a1ca-37b6-4b6e-a43b-c7482f28db6c&p_p_id=content&p_p_action=0&&dm_rlout=1&r=1713989977185&in_frame=true&frame=detailFrame&container=true&angularCurrentPortlet=content

Acceptance Criteria

The $dotcontent viewtool should use the current user that executed the workflow when executing the velocity code for Email body in the Send Email actionlet. The $dotcontent.find() method should return the requested contentlet given that the current user that executed the action has read permissions for the content.

dotCMS Version

24.04.16
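
A log check for the symptom reported above, added here as an example and not part of the original issue or of dotCMS: it flags `ContentUtils` READ denials that were evaluated as 'anonymous' although the request suffix of the same line says `Admin:true`. It assumes `Admin:true` marks a request from an authenticated back-end session; the sample lines, ids and the function name are constructed.

```python
import re

# Constructed sample lines modelled on the WARN entry quoted in the issue
# (ids are placeholders; the second line is an ordinary front-end denial).
SAMPLE_LOG = """\
[24/04/24 14:19:48:569 CST]  WARN util.ContentUtils: An error occurred when User 'anonymous' attempted to find Contentlet with Inode/ID 'inode-0001' [lang=1, tmDate=null]: User 'anonymous' does not have READ permissions on Contentlet [name: Article 1, type: Article, lang: 1, identifier: id-0001, inode: inode-0001] @ url:POST//default/dwr/call/plaincall/BrowserAjax.saveFileAction.dwr | lang:1 | ip:0:0:0:0:0:0:0:1 | Admin:true | start:04-24-2024 02:19:38 CST
[24/04/24 14:21:02:101 CST]  WARN util.ContentUtils: An error occurred when User 'anonymous' attempted to find Contentlet with Inode/ID 'inode-0002' [lang=1, tmDate=null]: User 'anonymous' does not have READ permissions on Contentlet [name: Article 2, type: Article, lang: 1, identifier: id-0002, inode: inode-0002] @ url:GET//default/articles/article-2 | lang:1 | ip:203.0.113.7 | Admin:false | start:04-24-2024 02:21:02 CST
[24/04/24 14:22:10:000 CST]  INFO util.Other: unrelated line
"""

# Pulls the denied principal, the contentlet ids and the request context
# out of one ContentUtils WARN line in the format shown in the issue.
DENIED = re.compile(
    r"WARN util\.ContentUtils: .*?"
    r"User '(?P<user>[^']+)' does not have READ permissions on Contentlet \["
    r".*?identifier: (?P<identifier>[^,\]]+), inode: (?P<inode>[^\]]+)\]"
    r" @ url:(?P<url>\S+)"
    r".*?\| Admin:(?P<admin>true|false)\b"
)


def find_identity_drops(log_text):
    """Return READ denials checked as 'anonymous' during a back-end request.

    Assumption: Admin:true means the request came from an authenticated
    back-end session, so an 'anonymous' permission check on that request
    means the caller's identity was not passed to the code doing the lookup.
    """
    hits = []
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if m and m["user"] == "anonymous" and m["admin"] == "true":
            hits.append({
                "identifier": m["identifier"],
                "inode": m["inode"],
                "url": m["url"],
            })
    return hits


if __name__ == "__main__":
    for hit in find_identity_drops(SAMPLE_LOG):
        print(hit)
```
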

@bryanboza
Member

Fixed, unable to reproduce after the fix. Tested on the latest trunk // Docker // FF

@erickgonzalez added the LTS : Next Ticket that will be added to LTS label on May 14, 2024