I am getting "Someone may be trying to circumvent the permission checker" while accessing Password Policies

Issue

  • When I try to access Control Panel → Password Policies, I get "Password Policies is temporarily unavailable."
  • I get the following error message:
    2024-07-30 13:15:07.411 ERROR [http-nio-8080-exec-9][PortletRequestDispatcherImpl:295] Unable to dispatch request: java.lang.IllegalArgumentException: Someone may be trying to circumvent the permission checker: {companyId=20155, name=com.liferay.portal.kernel.model.PasswordPolicy, primKey=20198, scope=4}
    2024-07-30 13:15:07.411 ERROR [http-nio-8080-exec-9][PortletServlet:109] Unable to process portlet com_liferay_password_policies_admin_web_portlet_PasswordPoliciesAdminPortlet: org.apache.jasper.JasperException: java.lang.IllegalArgumentException: Someone may be trying to circumvent the permission checker: {companyId=20155, name=com.liferay.portal.kernel.model.PasswordPolicy, primKey=20198, scope=4}
    javax.portlet.PortletException: org.apache.jasper.JasperException: java.lang.IllegalArgumentException: Someone may be trying to circumvent the permission checker: {companyId=20155, name=com.liferay.portal.kernel.model.PasswordPolicy, primKey=20198, scope=4}
  • When I run the following SQL query, it returns with non-zero records:
    SELECT passwordPolicyId
    FROM passwordpolicy
    LEFT JOIN resourcepermission
    ON passwordpolicy.passwordPolicyId = resourcepermission.primKeyId
    WHERE primKeyId is null;

Environment

  • Liferay DXP 7.4
  • Quarterly Release

Resolution

  • This is because the resource permission corresponding to one of the Password Policies has been erased from your database.
  • Please run the following Groovy script to create the missing resource permission record(s):
    import com.liferay.portal.kernel.model.PasswordPolicy;
    import com.liferay.portal.kernel.service.PasswordPolicyLocalServiceUtil;
    import com.liferay.portal.kernel.service.ResourcePermissionLocalServiceUtil;

    import com.liferay.portal.kernel.model.Group;
    import com.liferay.portal.kernel.service.GroupLocalServiceUtil;

    import com.liferay.portal.kernel.model.User;
    import com.liferay.portal.kernel.service.UserLocalServiceUtil;

    import com.liferay.portal.kernel.service.ServiceContext;


    // Please replace the number below with the ID of the Password Policies from the SQL Query
    int passwordPolicyId = 20198;

    PasswordPolicy passwordPolicy = PasswordPolicyLocalServiceUtil.getPasswordPolicy(passwordPolicyId);

    long companyId = passwordPolicy.getCompanyId();


    Group globalGroup = GroupLocalServiceUtil.getGroup(companyId,String.valueOf(companyId));
    long groupId = globalGroup.getGroupId();

    User defaultUser = UserLocalServiceUtil.getDefaultUser(companyId);
    long userId = defaultUser.getUserId();

    String name = "com.liferay.portal.kernel.model.PasswordPolicy";

    String primKey = passwordPolicyId.toString();

    boolean portletActions = false;

    ServiceContext serviceContext = new ServiceContext();
    serviceContext.setUserId(userId);
    serviceContext.setScopeGroupId(groupId);

    ResourcePermissionLocalServiceUtil.addResourcePermissions(companyId, groupId, userId, name, primKey, portletActions, serviceContext);

NOTE: Be sure to take a backup of your database prior to making any changes. Always test the changes in a lower environment before making changes in production.

Making manual changes to the database is not recommended, and should be carefully assessed based on your own business needs and risk factors. Any such operation is performed at the sole discretion of your own team.

Additional Information

この記事は役に立ちましたか?
0人中0人がこの記事が役に立ったと言っています