Commerce Manager uses UnauthorizedAccessException, which can cause confusions

Found in

Release 7.5

Fixed in

EPiServer.CommerceManager 7.8.1

Created

Apr 14, 2014

Updated

May 09, 2014

Area

Falcon/Commerce/Commerce Manager

State

Closed, Fixed and Tested


Steps to reproduce

Issue reported here: http://world.episerver.com/Forum/Developer-forum/EPiServer-Commerce/Thread-Container/2014/4/Inaccurate-usage-of-UnauthorizedAccessException/ to reproduce:

- Go to Configs/Mediachase.Search.Config

- Edit the Indexers basePath to some invalid path, for example: Invalid/path

- Go to Cm, Administration/System settings/Search index, error:

 

 

Access Denied

Your account does not have rights to access this feature of the commerce manager. Please contact your system administrator for more information. 

The reason was IndexBuilder try to access the invalid path, then UnauthorizedAccessException is thrown. CM catches that exception and show above error.

 

The fix includes a new type of exception: Mediachase.Commerce.Security.AccessDeniedException that is thrown and catched instead of System.UnauthorizedAccessException.

All commerce code catching thrown System.UnauthorizedAccessException is rewritten to instead catch the new AccessDeniedException.

Third party developers throwing System.UnauthorizedAccessException as access handling needs to throw the new AccessDeniedException.