MCP Tools should require administrators group, not admin-only #2359
Comments
badvision
pushed a commit
that referenced
this issue
Jul 7, 2020
…p Prune to Administrators Only (allowing all of the administrators group to use that tool)
badvision
added a commit
that referenced
this issue
Jul 7, 2020
* #2359 - Deprecated adminOnlyProcessDefinitionFactory and switched Deep Prune to Administrators Only (allowing all of the administrators group to use that tool)
joerghoh
added a commit
that referenced
this issue
Aug 8, 2020
* Revert "#2298 - Removed DynamicDeck dependency on deprecated package com.day.cq.dam.api.collection which causes problems w/ AEM CS deployments. (#2319)" (#2322) This reverts commit d4f62de. * #2324 On-Deploy-Scripts are not supported on AEMaaCS (#2326) * Removed accidental changelog statement * Updated target AEM version * #2330, Versioned ClientLibs are not supported by Page Exports (#2331) * Versioned ClientLibs are not supported by Page Exports (cw-wcm-content-sync) * Added comment explaining where the rr.map(..) is invoked * Incorrect Injectors ordering with service.ranking #2344 - fix service… (#2345) * Incorrect Injectors ordering with service.ranking #2344 - fix service ranking according to OSGi specification Co-authored-by: abrdashevskiy <[email protected]> * #2350 - Fixed null check in VanityServiceUrlImpl, Added hook for Van… (#2351) * #2350 - Fixed null check in VanityServiceUrlImpl, Added hook for VanityUrlAdjuster in VanityServiceUrlImpl * Feature/2359 deep prune administrators (#2360) * #2359 - Deprecated adminOnlyProcessDefinitionFactory and switched Deep Prune to Administrators Only (allowing all of the administrators group to use that tool) * #2303 - EnsureOakIndexServlet (exposed via the OSGi Console) should b… (#2304) * #2303 - EnsureOakIndexServlet (exposed via the OSGi Console) should be invokable via an inline HTML form * Removed DynamicDeck dependency on deprecated package com.day.cq.dam.api.collection which causes problems w/ AEM CS deployments. (#2323) * #2298 - Removed DynamicDeck dependency on deprecated package com.day.cq.dam.api.collection which causes problems w/ AEM CS deployments. * #2357 - Added safeguards to SMTPMailServiceHealthCheck to help avoid … (#2358) * #2357 - Added safeguards to SMTPMailServiceHealthCheck to help avoid run-way email pings * Changelog for 4.7.2 completed * [maven-release-plugin] prepare for next development iteration * Update CHANGELOG.md * Revert "[maven-release-plugin] prepare for next development iteration" This reverts commit f051690. * [maven-release-plugin] prepare release acs-aem-commons-4.7.2 * [maven-release-plugin] prepare for next development iteration * Updated PGP instructions to clarify some points of confusion * #2366 CQIncludePropertyNamespaceServlet - UnsupportedOperationException (#2367) * #2366 CQIncludePropertyNamespaceServlet - UnsupportedOperationException, added test * Feature/2354 - ACS AEM Commons web console (#2355) * ACS AEM Commons Console POC * Feature/ms office asset selector (#2356) * Added MS Office Addin components and content Co-authored-by: Chris Workman <[email protected]> Co-authored-by: Athiers <[email protected]> * v4.8.0 changelog * [maven-release-plugin] prepare release acs-aem-commons-4.8.0 * [maven-release-plugin] prepare for next development iteration * Fix SCR warnings at build time (#2369) * fixed SCR warnings * environmentfilter breaks http asset api (fixes #2371) (#2372) * created testcase for #2371 * Update CHANGELOG.md * [maven-release-plugin] prepare for next development iteration * v4.8.2 re-release * [maven-release-plugin] prepare release acs-aem-commons-4.8.4 * [maven-release-plugin] prepare for next development iteration * Fix test warnings (#2373) * no need to catch exceptions in unittests, junit does that for us * fix warnings on some test executions * fix some more Mockito warnings * cleanup compilation warnings in test classes * removed unused MockPageManager, use the PageManager impl of AEM Mocks instead * fix more deprecation warnings * fix codeclimate issue * added changelog * [trivial] fix exception message (#2383) * [trivial] fix exception message * Sitemap Disable Vanity for URLs (#2378) * Adding a feature to the sitemap to not use the vanity when generating the URL * avoid too many negations, makes it easier to reason about it Co-authored-by: Jörg Hoh <[email protected]> * Fix compilation warnings (#2381) * Fix compilation warnings * suppress deprecation warnings because we cannot fix them right now or with the current implementation * use the static method valueOf instead of the constructors of the wrapped primitive types (Java9) * replace type.newInstance() with the recommended version (Java9) Co-authored-by: Brendan Robert <[email protected]> * Bugfix for incomplete request wrapper for sling models (#2379) * - Fixed issue where sling model injection by @ChildResourceFromRequestInjector was not including all sling model bindings, thus resulting in models being injected with incorrect values for thing like currentStyle Co-authored-by: lokeshvajrala <[email protected]> Co-authored-by: Lokesh Vajrala <[email protected]> * Check for missing resource instead of freaking out and causing problems (#2384) * Check for missing resource instead of freaking out and causing problems * #2386 - Bulk Asset Import Overwrites Existing Folder Titles (#2387) * Added option to not overwrite the destination folder title when creating the folder hierarchy. * Added tests. * ignore failing test Co-authored-by: Brendan Robert <[email protected]> Co-authored-by: david g <[email protected]> Co-authored-by: Dominik Förderreuther <[email protected]> Co-authored-by: Andrey B <[email protected]> Co-authored-by: abrdashevskiy <[email protected]> Co-authored-by: Brendan Robert <[email protected]> Co-authored-by: David Gonzalez <[email protected]> Co-authored-by: Dan Klco <[email protected]> Co-authored-by: Brett Birschbach <[email protected]> Co-authored-by: Robert Botha <[email protected]>
joerghoh
added a commit
that referenced
this issue
Aug 23, 2020
* Revert "#2298 - Removed DynamicDeck dependency on deprecated package com.day.cq.dam.api.collection which causes problems w/ AEM CS deployments. (#2319)" (#2322) This reverts commit d4f62de. * #2324 On-Deploy-Scripts are not supported on AEMaaCS (#2326) * Removed accidental changelog statement * Updated target AEM version * #2330, Versioned ClientLibs are not supported by Page Exports (#2331) * Versioned ClientLibs are not supported by Page Exports (cw-wcm-content-sync) * Added comment explaining where the rr.map(..) is invoked * Incorrect Injectors ordering with service.ranking #2344 - fix service… (#2345) * Incorrect Injectors ordering with service.ranking #2344 - fix service ranking according to OSGi specification Co-authored-by: abrdashevskiy <[email protected]> * #2350 - Fixed null check in VanityServiceUrlImpl, Added hook for Van… (#2351) * #2350 - Fixed null check in VanityServiceUrlImpl, Added hook for VanityUrlAdjuster in VanityServiceUrlImpl * Feature/2359 deep prune administrators (#2360) * #2359 - Deprecated adminOnlyProcessDefinitionFactory and switched Deep Prune to Administrators Only (allowing all of the administrators group to use that tool) * #2303 - EnsureOakIndexServlet (exposed via the OSGi Console) should b… (#2304) * #2303 - EnsureOakIndexServlet (exposed via the OSGi Console) should be invokable via an inline HTML form * Removed DynamicDeck dependency on deprecated package com.day.cq.dam.api.collection which causes problems w/ AEM CS deployments. (#2323) * #2298 - Removed DynamicDeck dependency on deprecated package com.day.cq.dam.api.collection which causes problems w/ AEM CS deployments. * #2357 - Added safeguards to SMTPMailServiceHealthCheck to help avoid … (#2358) * #2357 - Added safeguards to SMTPMailServiceHealthCheck to help avoid run-way email pings * Changelog for 4.7.2 completed * [maven-release-plugin] prepare for next development iteration * Update CHANGELOG.md * Revert "[maven-release-plugin] prepare for next development iteration" This reverts commit f051690. * [maven-release-plugin] prepare release acs-aem-commons-4.7.2 * [maven-release-plugin] prepare for next development iteration * Updated PGP instructions to clarify some points of confusion * #2366 CQIncludePropertyNamespaceServlet - UnsupportedOperationException (#2367) * #2366 CQIncludePropertyNamespaceServlet - UnsupportedOperationException, added test * Feature/2354 - ACS AEM Commons web console (#2355) * ACS AEM Commons Console POC * Feature/ms office asset selector (#2356) * Added MS Office Addin components and content Co-authored-by: Chris Workman <[email protected]> Co-authored-by: Athiers <[email protected]> * v4.8.0 changelog * [maven-release-plugin] prepare release acs-aem-commons-4.8.0 * [maven-release-plugin] prepare for next development iteration * Fix SCR warnings at build time (#2369) * fixed SCR warnings * environmentfilter breaks http asset api (fixes #2371) (#2372) * created testcase for #2371 * Update CHANGELOG.md * [maven-release-plugin] prepare for next development iteration * v4.8.2 re-release * [maven-release-plugin] prepare release acs-aem-commons-4.8.4 * [maven-release-plugin] prepare for next development iteration * Fix test warnings (#2373) * no need to catch exceptions in unittests, junit does that for us * fix warnings on some test executions * fix some more Mockito warnings * cleanup compilation warnings in test classes * removed unused MockPageManager, use the PageManager impl of AEM Mocks instead * fix more deprecation warnings * fix codeclimate issue * added changelog * [trivial] fix exception message (#2383) * [trivial] fix exception message * Sitemap Disable Vanity for URLs (#2378) * Adding a feature to the sitemap to not use the vanity when generating the URL * avoid too many negations, makes it easier to reason about it Co-authored-by: Jörg Hoh <[email protected]> * Fix compilation warnings (#2381) * Fix compilation warnings * suppress deprecation warnings because we cannot fix them right now or with the current implementation * use the static method valueOf instead of the constructors of the wrapped primitive types (Java9) * replace type.newInstance() with the recommended version (Java9) Co-authored-by: Brendan Robert <[email protected]> * Bugfix for incomplete request wrapper for sling models (#2379) * - Fixed issue where sling model injection by @ChildResourceFromRequestInjector was not including all sling model bindings, thus resulting in models being injected with incorrect values for thing like currentStyle Co-authored-by: lokeshvajrala <[email protected]> Co-authored-by: Lokesh Vajrala <[email protected]> * Check for missing resource instead of freaking out and causing problems (#2384) * Check for missing resource instead of freaking out and causing problems * #2386 - Bulk Asset Import Overwrites Existing Folder Titles (#2387) * Added option to not overwrite the destination folder title when creating the folder hierarchy. * Added tests. * add build profiles classic and cloudservice * remove compile time dependencies on packages which are not present in cloudservice * add missing methods to make it compile with cloudservice * all existing travis jobs with classic, but one new job with jdk11 and cloudservice * fix travis * ignore failing tests (just for the moment) * switch activation of classic profile to make it work on travis * fix profile activation * definition for cloudservice * also execute the checks against the package versions of AEM CS * execute the oakpal-verify actions only when building in classic profile Co-authored-by: Brendan Robert <[email protected]> Co-authored-by: david g <[email protected]> Co-authored-by: Dominik Förderreuther <[email protected]> Co-authored-by: Andrey B <[email protected]> Co-authored-by: abrdashevskiy <[email protected]> Co-authored-by: Brendan Robert <[email protected]> Co-authored-by: David Gonzalez <[email protected]> Co-authored-by: Dan Klco <[email protected]> Co-authored-by: Brett Birschbach <[email protected]> Co-authored-by: Robert Botha <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Required Information
Expected Behavior
MCP Tools which need admin restriction should be restricted to administrators group, getting access to the actual admin account is sometimes nearly impossible.
Actual Behavior
Tools such as deep prune are unavailable even if I'm in the administrators group.
Steps to Reproduce
Try to start a new MCP process, deep prune is not listed.
The text was updated successfully, but these errors were encountered: