[Mapbender-users] Cannot change application security permissions after mapbender update

Joel Blizzard jrpblizz at gmail.com
Thu Aug 5 08:42:40 PDT 2021


Hi,

I finally got around to this, and I'm not exactly sure that I understand
what's happening.
When I try to make a security change to a particular application I see the
error at the top of the screen:
"There was an error trying to save your application"

And if I dig into some of the additional information, In "Translation" I see

"
en messages 1 mb.application.save.failure.general There was an error trying
to save your application."

I do see quite a number of Deprecations warnings.

Here are some of the top ones:

15:38:50 php (2 times) User Deprecated: The "*choices_as_values*" option is
deprecated since Symfony 3.1 and will be removed in 4.0. You should not use
it anymore.
Show context    Show trace
15:38:50 php User Deprecated: The Symfony\Component\Process\ProcessBuilder
class is deprecated since Symfony 3.4 and will be removed in 4.0. Use the
Process class instead.
Show context    Show trace
15:38:50 php User Deprecated: The "*mapbender.uploads_manager.service*"
service is private, getting it from the container is deprecated since
Symfony 3.2 and will fail in 4.0. You should either make the service
public, or stop using the container directly and use dependency injection
instead.
Show context    Show trace
15:38:50 php User Deprecated: The "*fom.acl.manager*" service is private,
getting it from the container is deprecated since Symfony 3.2 and will fail
in 4.0. You should either make the service public, or stop using the
container directly and use dependency injection instead.
Show context    Show trace
15:38:50 php (10 times) User Deprecated: Calling "*tab_container_id*" on
template "*MapbenderManagerBundle::layouts/tabbed.html.twig*" from template
"*MapbenderManagerBundle::layouts/tabbed.html.twig*" is deprecated since
version 1.28 and won't be supported anymore in 2.0.
Show context    Show trace
15:38:50 php (5 times) User Deprecated: Calling "*tab_header_id*" on
template "*MapbenderManagerBundle::layouts/tabbed.html.twig*" from template
"*MapbenderManagerBundle::layouts/tabbed.html.twig*" is deprecated since
version 1.28 and won't be supported anymore in 2.0.
Show context    Show trace
15:38:50 php (5 times) User Deprecated: Calling "*tab_header*" on template "
*MapbenderManagerBundle::layouts/tabbed.html.twig*" from template "
*@MapbenderManager/Application/edit.html.twig*" is deprecated since version
1.28 and won't be supported anymore in 2.0.
Show context    Show trace
15:38:50 php (5 times) User Deprecated: Calling "*tab_content_attributes*"
on template "*MapbenderManagerBundle::layouts/tabbed.html.twig*" from
template "*@MapbenderManager/Application/edit.html.twig*" is deprecated
since version 1.28 and won't be supported anymore in 2.0.
Show context    Show trace

Any thoughts on what I should specifically look for / where I should look?


On Fri, Jun 18, 2021 at 3:21 AM <david.patzke at wheregroup.com> wrote:

> Hi Joel,
>
>
>
> you have to option. First you could edit the file app_dev.php with a
> shell-based Editor like vi or nano and remove temporally the lines 12-18:
>
> if (isset($_SERVER['HTTP_CLIENT_IP'])
>
>    || isset($_SERVER['HTTP_X_FORWARDED_FOR'])
>
>    || !in_array(@$_SERVER['REMOTE_ADDR'], array('127.0.0.1', 'fe80::1',
> '::1'))
>
> ) {
>
>    header('HTTP/1.0 403 Forbidden');
>
>    exit('You are not allowed to access this file. Check
> '.basename(__FILE__).' for more information.');
>
> }
>
>
>
> Then you can open the dev controller from everywhere. Please be advised
> that this is a huge security risk, cause error pages in this mode will leak
> sensitive information! So, you have to reenable this security feature
> afterwards! Second options would be to tunnel the http port of your server
> to your local machine via ssh. Then you can open the application from your
> machine.
>
>
>
> Best regards David
>
> *Von:* Mapbender_users <mapbender_users-bounces at lists.osgeo.org> *Im
> Auftrag von *Joel Blizzard
> *Gesendet:* Thursday, June 17, 2021 11:38 PM
> *An:* astrid.emde at wheregroup.com; Mapbender User List <
> mapbender_users at lists.osgeo.org>
> *Betreff:* Re: [Mapbender-users] Cannot change application security
> permissions after mapbender update
>
>
>
> Did you try doing an install and then an upgrade?
>
>
>
> php version is PHP 7.2.24-0ubuntu0.18.04.7
>
>
>
> Unfortunately I cannot run dev mode, as this is running on a cloud hosted
> server that I do not have a GUI on. Is there a way to run it from a system
> other than localhost?
>
> I looked in the documentation and it says " Symfony offers a developer
> mode with lot of information about your application (logging, exceptions,
> database queries, memory usage, time and more). This mode is only available
> from localhost."
>
>
>
> On Thu, Jun 17, 2021 at 1:07 AM Astrid Emde (WhereGroup) <
> astrid.emde at wheregroup.com> wrote:
>
> Hello Joel,
>
> I can not reproduce the error. Everything works fine at my installation.
>
> Did you try the app_dev.php mode too?
>
> What is your php version?
>
> Astrid
>
> Am 2021-06-14 22:08, schrieb Joel Blizzard:
> > In upgrading from Mapbender 3.2.3 to 3.2.5 I no longer have the
> > ability to adjust security settings on the applications I've created.
> >
> > So if I go into an application, and go to the "Security" tab, if I try
> > to remove public access, or add a user to the list, or make any kind
> > of change to existing permissions for an application, when I click
> > Save, I get an internal 500 error.
> >
> > When I look at my logs on the server, I see this error:
> >
> >  [php7:notice] [pid 4589] [client <IPaddress>:63695] PHP Notice:
> > Undefined offset: 2 in
> >
> /var/www/mapbender/vendor/symfony/security-acl/Dbal/MutableAclProvider.php
> > on line 981
> >
> > That is referring to this section of MutableAclProvider.php:
> > Line 981 is the one that says "$ace = $old[$i]"
> >
> > private function updateOldFieldAceProperty($name, array $changes)
> >     {
> >         $currentIds = array();
> >         foreach ($changes[1] as $field => $new) {
> >             for ($i = 0, $c = count($new); $i < $c; ++$i) {
> >                 $ace = $new[$i];
> >
> >                 if (null !== $ace->getId()) {
> >                     $currentIds[$ace->getId()] = true;
> >                 }
> >             }
> >         }
> >
> >         foreach ($changes[0] as $old) {
> >             for ($i = 0, $c = count($old); $i < $c; ++$i) {
> >                 $ace = $old[$i];
> >
> >                 if (!isset($currentIds[$ace->getId()])) {
> >
> >
> $this->connection->executeQuery($this->getDeleteAccessControlEntrySql($ace->getId()));
> >                     unset($this->loadedAces[$ace->getId()]);
> >                 }
> >             }
> >         }
> >     }
> >
> > Can anyone assist me in figuring out what's gone wrong here?
> >
> > Thank you!
> > _______________________________________________
> > Mapbender_users mailing list
> > Mapbender_users at lists.osgeo.org
> > https://lists.osgeo.org/mailman/listinfo/mapbender_users
>
> --
> Mit freundlichen Grüßen
>
> Astrid Emde
> GIS-Consultant
>
> *************************************************************************
> Aufbau von Geodateninfrastrukturen mit Open-Source-Software
> FOSS Academy 5 Tage-Kompaktkurs „Sommerschule 2021"
> Jetzt anmelden: https://foss-academy.com/kompaktkurse/
> *************************************************************************
>    Astrid Emde
>    WhereGroup GmbH
>    Eifelstraße 7
>    53119 Bonn
>    Germany
>
>    Fon: +49(0)228 90 90 38 - 22
>    Fax: +49(0)228 90 90 38 - 11
>
>    astrid.emde at wheregroup.com
>    www.wheregroup.com
>
>    Meinen PGP Public-Key können Sie unter pgp.mit.edu herunterladen:
>
>
> https://keys.openpgp.org/vks/v1/by-fingerprint/01F8152D36FC07C25EADDE86C5084ACC1C287CCB
>    Signierte und/oder verschlüsselte Nachrichten sind sehr willkommen
>
>    Folgen Sie der WhereGroup auf twitter:
>    http://twitter.com/WhereGroup_com
>
>    Geschäftsführer:
>    Olaf Knopp, Peter Stamm
>    Amtsgericht Bonn, HRB 9885
>
> -------------------------------_______________________________________________
> Mapbender_users mailing list
> Mapbender_users at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/mapbender_users
>
> _______________________________________________
> Mapbender_users mailing list
> Mapbender_users at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/mapbender_users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/mapbender_users/attachments/20210805/773a59c0/attachment-0001.html>


More information about the Mapbender_users mailing list