[Flow] You are not allowed to perform this action

Mark Kuiphuis mark at capesso.com.au
Thu Mar 5 21:44:23 CET 2015 

Hi all,

I just tried to upgrade our application (deployment with TYPO3.Surf).
My composer.json was loading the latest version of TYPO3/Flow 2.3.* so 
automatically 2.3.2 was downloaded.

After the deployment whenever I try to login to our application I get 
the following error:

#1216919280: You are not allowed to perform this action.

The full stacktrace does not refer to any of the files in one of our own 
packages which tends me to believe there is potentially a problem in 
TYPO3.Flow (but I could be totally wrong).

The Exceptions.txt contains the following piece of code:

############
Uncaught exception #1216919280 in line 69 of 
/var/www/applications/client/releases/20150306053852/Data/Temporary/Development/Cache/Code/Flow_Object_Classes/TYPO3_Flow_Security_Authorization_RequestFilter.php: 
You are not allowed to perform this action.

15 
TYPO3\Flow\Security\Authorization\Interceptor\AccessDeny_Original::invoke()
14 
TYPO3\Flow\Security\Authorization\RequestFilter_Original::filterRequest(TYPO3\Flow\Mvc\ActionRequest)
13 
TYPO3\Flow\Security\Authorization\FilterFirewall_Original::blockIllegalRequests(TYPO3\Flow\Mvc\ActionRequest)
12 
TYPO3\Flow\Security\Aspect\RequestDispatchingAspect_Original::blockIllegalRequestsAndForwardToAuthenticationEntryPoints(TYPO3\Flow\Aop\JoinPoint)
11 TYPO3\Flow\Aop\Advice\AroundAdvice::invoke(TYPO3\Flow\Aop\JoinPoint)
10 TYPO3\Flow\Aop\Advice\AdviceChain::proceed(TYPO3\Flow\Aop\JoinPoint)
9 TYPO3\Flow\Mvc\Dispatcher::dispatch(TYPO3\Flow\Mvc\ActionRequest, 
TYPO3\Flow\Http\Response)
8 call_user_func_array(array|2|, array|2|)
7 
TYPO3\Flow\Object\DependencyInjection\DependencyProxy::__call("dispatch", array|2|)
6 
TYPO3\Flow\Object\DependencyInjection\DependencyProxy::dispatch(TYPO3\Flow\Mvc\ActionRequest, 
TYPO3\Flow\Http\Response)
5 
TYPO3\Flow\Mvc\DispatchComponent_Original::handle(TYPO3\Flow\Http\Component\ComponentContext)
4 
TYPO3\Flow\Http\Component\ComponentChain_Original::handle(TYPO3\Flow\Http\Component\ComponentContext)
3 
TYPO3\Flow\Http\Component\ComponentChain_Original::handle(TYPO3\Flow\Http\Component\ComponentContext)
2 TYPO3\Flow\Http\RequestHandler::handleRequest()
1 TYPO3\Flow\Core\Bootstrap::run()
############

After searching for this error code I changed the 
TYPO3.Flow.security.enable from TRUE to FALSE. Flushed the cache, warmed 
up the cache and now it allows me to login. But since we don't only use 
authentication, but also authorization (certain users don't have access 
to certain parts of the application) they now suddenly do, because of 
the FALSE value for TYPO3.Flow.security.enable

Then my thought was that my Policy.yaml could potentially contain a bug, 
however running the command: ./flow configuration:show Policy (to make 
sure my rules which are defined in one package) did reveal all entries 
from our Policy.yaml

Then the command: ./flow configuration:validate Policy returned that the 
Policy was valid.

Then I redid the deployment, but now set the TYPO3 Flow version back to 
2.3.1 in the composer.json and ran another deployment. Now the same 
error also appears on 2.3.1. (never did that before)

Any ideas?

The website runs on a Debian 7.8. machine with PHP Version: 
5.4.38-1~dotdeb.1

Thanks in advance,

Mark Kuiphuis

More information about the Flow mailing list