Liferay NoSuchResourcePermissionException Error Fix

 

Permission Checking Error Fix

How to fix "Someone may be trying to circumvent the permission checker" error in Liferay

Overview


Sometimes you may see notice strange errors on the portal related to permissions checking, similar to this one:

2023-10-10 07:37:39.152 ERROR [http-nio-8080-exec-1][MainServlet:1111] null

com.liferay.portal.kernel.events.ActionException: java.lang.IllegalArgumentException: Someone may be trying to circumvent the permission checker: {companyId=224404, name=com.liferay.portal.kernel.model.Layout, primKey=9730, scope=4}


This article explains how to find the reason and fix the issue.


Problem


If you check the stacktrace in more details - you'll see in the end, that the main reason is the missing ResourcePermission record for the resource on which permissions check is executed:


Caused by: com.liferay.portal.kernel.exception.NoSuchResourcePermissionException: {companyId=224404, name=com.liferay.portal.kernel.model.Layout, primKey=9730, scope=4} at com.liferay.portal.service.impl.ResourcePermissionLocalServiceImpl

.hasResourcePermission(ResourcePermissionLocalServiceImpl.java:1082) ~[portal-impl.jar:?]


There are might be different reasons that caused that state (a code issue or unintentional manual DB update, etc.), but that's the root cause and it should be fixed.


Solution


To fix the issue you need to restore the default ResourcePermission in the database.

Keep in mind: manual DB manipulations are forbidden in the Liferay world 😉

You need to invoke Liferay-provided API, to make sure all the data is inserted to Liferay tables in a correct way.

You can implement an Upgrade Step with the logic to register the missing ResourcePermission, or use the Groovy scripting console for ad-hoc solutions.

To fix the error mentioned above I'll use the Groovy Scripting Console in Server Administration.

First, I can identify which Layout (page) exactly has the missing ResourcePermission (using the primKey=9730 from the stacktrace above, which is Layout's plid):



This way I have the understanding that's its a Search page in the Guest site, and at least can check it and perform the required actions (check and update content, verify permissions, re-publish, etc.).

If that does not help - let's proceed with ResourcePermission checking and updates.

First, we can check if Owner role has the VIEW permission on resource (which, normally, should be the case):



This confirms the exception from logs about the missing ResourcePermission.

Well, as it's missing - let's create it using scripting console as well:


com.liferay.portal.kernel.service.ResourceLocalServiceUtil.addResources(companyId, 0, 224450, 'com.liferay.portal.kernel.model.Layout', 9730, false, false, false);


This will add the default resources for a given layout. The arguments here are:

1) companyId - the ID of Virtual Instance / Company;

2) groupId - the site's ID, can be set to 0;

3) userId - use admin's user ID here;

4) name - ResourcePermission name, usually a fully-qualified model class name;

5) primKey - the ID of the resource's entity;

6) portletActions - whether to associate portlet actions with the resource, can be false;

7) addGroupPermissions - whether to add group permissions, can be false;

8) addGuestPermissions - whether to add guest permissions, can be false.


You can run the previous script to verify ResourcePermissions had bee saved properly:



Finally, the issue should be fixed, at least for the particular model resource - the errors like NoSuchResourcePermissionException or Someone may be trying to circumvent the permission checker should not appear anymore.


Enjoy 😏






Comments

Popular posts from this blog

Liferay Search Container Example

Installing Blade CLI from Command Line

Liferay Keycloak integration