With a .CFConfig.json containing:
"security": {
"access_read": "open",
"access_write": "open"
},
The following should work:
admin action = "updateDatasource" ... password="";
However, instead it throws Cannot access, no password is defined.
lucee.runtime.exp.ExpressionException: Cannot access, no password is defined
at lucee.runtime.config.ConfigServerImpl.checkAccess(ConfigServerImpl.java:1061)
at lucee.runtime.config.ConfigWebImpl.getConfigServer(ConfigWebImpl.java:1507)
at lucee.runtime.tag.Admin._doStartTag(Admin.java:575)
at lucee.runtime.tag.Admin.doStartTag(Admin.java:356)
Looking at the code, there is logic that checks for the access tag and only checks password when access is “protected”. However, this admin tag trace is going direct to password check instead.
e.g. helper method that checks the access level: Lucee/core/src/main/java/lucee/runtime/config/ConfigUtil.java at 8adf43dfad3ed2d75526f34d7539bea96d392385 · lucee/Lucee · GitHub
But the following in Admin.java$_doStartTag() is triggering a password check via ConfigWebImpl.java$getConfigServer(Password password):
if (type == TYPE_SERVER) config = (ConfigPro) pageContext.getConfig().getConfigServer(password);
Can this be processed as a bug?