Apr 14, 2014
May 09, 2014
Closed, Fixed and Tested
Issue reported here: http://world.episerver.com/Forum/Developer-forum/EPiServer-Commerce/Thread-Container/2014/4/Inaccurate-usage-of-UnauthorizedAccessException/ to reproduce:
- Go to Configs/Mediachase.Search.Config
- Edit the Indexers basePath to some invalid path, for example: Invalid/path
- Go to Cm, Administration/System settings/Search index, error:
|Your account does not have rights to access this feature of the commerce manager. Please contact your system administrator for more information. |
The reason was IndexBuilder try to access the invalid path, then UnauthorizedAccessException is thrown. CM catches that exception and show above error.
The fix includes a new type of exception: Mediachase.Commerce.Security.AccessDeniedException that is thrown and catched instead of System.UnauthorizedAccessException.
All commerce code catching thrown System.UnauthorizedAccessException is rewritten to instead catch the new AccessDeniedException.
Third party developers throwing System.UnauthorizedAccessException as access handling needs to throw the new AccessDeniedException.