You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@jspwiki.apache.org by Steve Potter <js...@riverbed.demon.co.uk> on 2008/05/21 18:48:37 UTC
Strange permission behaviour
I recently upgraded to 2.6.2 and had a play with the ACL feature. After
adding restrictions to the page TitleBox (like jspwiki.org) pages in the wiki
(e.g. Main) were no longer editable by users that did not have permission to
edit TitleBox. The debug log seems to suggest that the restrictions parsed
from the TitleBox page are being applied to the Main page (Main has no
restrictions specified):
2008-05-21 16:20:24,273 [http-8443-1] DEBUG
com.ecyrd.jspwiki.tags.WikiTagBase.doWikiStartTag - Inserting page WikiPage
[JSPWiki:TitleBox,ver=8,mod=Wed May 21 16:18:54 BST 2008]
2008-05-21 16:20:24,273 [http-8443-1] DEBUG
com.ecyrd.jspwiki.render.RenderingManager.getRenderedDocument - Re-rendering
and storing TitleBox::8
2008-05-21 16:20:24,273 [http-8443-1] DEBUG
com.ecyrd.jspwiki.parser.JSPWikiMarkupParser.handleAccessRule - page=Main,
ACL = ALLOW view Authenticated
2008-05-21 16:20:24,273 [http-8443-1] DEBUG
com.ecyrd.jspwiki.auth.acl.DefaultAclManager.parseAcl - Adding new acl entry
for view
2008-05-21 16:20:24,273 [http-8443-1] DEBUG
com.ecyrd.jspwiki.auth.acl.DefaultAclManager.parseAcl - user =
Authenticated:
(("com.ecyrd.jspwiki.auth.permissions.PagePermission","JSPWiki:Main","view"))
2008-05-21 16:20:24,273 [http-8443-1] DEBUG
com.ecyrd.jspwiki.parser.JSPWikiMarkupParser.handleAccessRule - user =
Authenticated:
(("com.ecyrd.jspwiki.auth.permissions.PagePermission","JSPWiki:Main","view"))
2008-05-21 16:20:24,273 [http-8443-1] DEBUG
com.ecyrd.jspwiki.parser.JSPWikiMarkupParser.handleAccessRule - page=Main,
ACL = ALLOW edit Admin
2008-05-21 16:20:24,273 [http-8443-1] DEBUG
com.ecyrd.jspwiki.auth.acl.DefaultAclManager.parseAcl - Adding new acl entry
for edit
2008-05-21 16:20:24,283 [http-8443-1] DEBUG
com.ecyrd.jspwiki.auth.acl.DefaultAclManager.parseAcl - user =
Authenticated:
(("com.ecyrd.jspwiki.auth.permissions.PagePermission","JSPWiki:Main","view"))
user = Admin:
(("com.ecyrd.jspwiki.auth.permissions.PagePermission","JSPWiki:Main","edit"))
Am I misunderstanding something here?
(note: The behaviour appears to be obfuscated by page caching).
Thanks for any help,
Steve P.
Re: Strange permission behaviour
Posted by Steve Potter <js...@riverbed.demon.co.uk>.
Janne,
Sorry for the delay - a vacation got in the way!
I checked the behaviour on 2.6.3 and the problem appears to be resolved.
Thanks a lot,
Steve
On Tuesday 03 Jun 2008, Janne Jalkanen wrote:
> Could you take a look at the latest 2.6 branch? It might be fixed...
>
> /Janne
>
> On 22 May 2008, at 21:04, Steve wrote:
> > I've done some more investigation and it seems that the first
> > reference by
> > another user to a page (containing TitleBox) after TitleBox has
> > been changed
> > causes the page to be re-rendered and the access rules to be re-
> > parsed. It
> > looks to me that JSPWikiMarkupParser.handleAccessRule when it
> > parses the
> > TitleBox access rules is assigning them to the context 'page' (the
> > containing
> > page) rather than the 'realPage' (the TitleBox). Due to caching,
> > other pages
> > containing TitleBox are not affected.
> >
> > Steve
> >
> > On Wednesday 21 May 2008, Steve wrote:
> >> On Wednesday 21 May 2008, Janne Jalkanen wrote:
> >>>> I recently upgraded to 2.6.2 and had a play with the ACL feature.
> >>>> After
> >>>> adding restrictions to the page TitleBox (like jspwiki.org) pages
> >>>> in the wiki
> >>>> (e.g. Main) were no longer editable by users that did not have
> >>>> permission to
> >>>> edit TitleBox. The debug log seems to suggest that the
> >>>> restrictions parsed
> >>>> from the TitleBox page are being applied to the Main page (Main
> >>>> has no
> >>>> restrictions specified):
> >>>> Am I misunderstanding something here?
> >>>> (note: The behaviour appears to be obfuscated by page caching).
> >>>
> >>> Do you have page caching on or off? Because I can't replicate this
> >>> with page caching on...
> >>>
> >>> /Janne
> >>
> >> jspwiki.usePageCache is true
Re: Strange permission behaviour
Posted by Janne Jalkanen <Ja...@ecyrd.com>.
Could you take a look at the latest 2.6 branch? It might be fixed...
/Janne
On 22 May 2008, at 21:04, Steve wrote:
> I've done some more investigation and it seems that the first
> reference by
> another user to a page (containing TitleBox) after TitleBox has
> been changed
> causes the page to be re-rendered and the access rules to be re-
> parsed. It
> looks to me that JSPWikiMarkupParser.handleAccessRule when it
> parses the
> TitleBox access rules is assigning them to the context 'page' (the
> containing
> page) rather than the 'realPage' (the TitleBox). Due to caching,
> other pages
> containing TitleBox are not affected.
>
> Steve
>
> On Wednesday 21 May 2008, Steve wrote:
>> On Wednesday 21 May 2008, Janne Jalkanen wrote:
>>>> I recently upgraded to 2.6.2 and had a play with the ACL feature.
>>>> After
>>>> adding restrictions to the page TitleBox (like jspwiki.org) pages
>>>> in the wiki
>>>> (e.g. Main) were no longer editable by users that did not have
>>>> permission to
>>>> edit TitleBox. The debug log seems to suggest that the
>>>> restrictions parsed
>>>> from the TitleBox page are being applied to the Main page (Main
>>>> has no
>>>> restrictions specified):
>>>> Am I misunderstanding something here?
>>>> (note: The behaviour appears to be obfuscated by page caching).
>>>
>>> Do you have page caching on or off? Because I can't replicate this
>>> with page caching on...
>>>
>>> /Janne
>>
>> jspwiki.usePageCache is true
>
Re: Strange permission behaviour
Posted by Steve <st...@riverbed.demon.co.uk>.
I've done some more investigation and it seems that the first reference by
another user to a page (containing TitleBox) after TitleBox has been changed
causes the page to be re-rendered and the access rules to be re-parsed. It
looks to me that JSPWikiMarkupParser.handleAccessRule when it parses the
TitleBox access rules is assigning them to the context 'page' (the containing
page) rather than the 'realPage' (the TitleBox). Due to caching, other pages
containing TitleBox are not affected.
Steve
On Wednesday 21 May 2008, Steve wrote:
> On Wednesday 21 May 2008, Janne Jalkanen wrote:
> > > I recently upgraded to 2.6.2 and had a play with the ACL feature.
> > > After
> > > adding restrictions to the page TitleBox (like jspwiki.org) pages
> > > in the wiki
> > > (e.g. Main) were no longer editable by users that did not have
> > > permission to
> > > edit TitleBox. The debug log seems to suggest that the
> > > restrictions parsed
> > > from the TitleBox page are being applied to the Main page (Main has no
> > > restrictions specified):
> > > Am I misunderstanding something here?
> > > (note: The behaviour appears to be obfuscated by page caching).
> >
> > Do you have page caching on or off? Because I can't replicate this
> > with page caching on...
> >
> > /Janne
>
> jspwiki.usePageCache is true
Re: Strange permission behaviour
Posted by Steve <st...@riverbed.demon.co.uk>.
On Wednesday 21 May 2008, Janne Jalkanen wrote:
> > I recently upgraded to 2.6.2 and had a play with the ACL feature.
> > After
> > adding restrictions to the page TitleBox (like jspwiki.org) pages
> > in the wiki
> > (e.g. Main) were no longer editable by users that did not have
> > permission to
> > edit TitleBox. The debug log seems to suggest that the
> > restrictions parsed
> > from the TitleBox page are being applied to the Main page (Main has no
> > restrictions specified):
> > Am I misunderstanding something here?
> > (note: The behaviour appears to be obfuscated by page caching).
>
> Do you have page caching on or off? Because I can't replicate this
> with page caching on...
>
> /Janne
jspwiki.usePageCache is true
Re: Strange permission behaviour
Posted by Janne Jalkanen <Ja...@ecyrd.com>.
> I recently upgraded to 2.6.2 and had a play with the ACL feature.
> After
> adding restrictions to the page TitleBox (like jspwiki.org) pages
> in the wiki
> (e.g. Main) were no longer editable by users that did not have
> permission to
> edit TitleBox. The debug log seems to suggest that the
> restrictions parsed
> from the TitleBox page are being applied to the Main page (Main has no
> restrictions specified):
> Am I misunderstanding something here?
> (note: The behaviour appears to be obfuscated by page caching).
Do you have page caching on or off? Because I can't replicate this
with page caching on...
/Janne