You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@jspwiki.apache.org by Steve Potter <js...@riverbed.demon.co.uk> on 2008/05/21 18:48:37 UTC

Strange permission behaviour

I recently upgraded to 2.6.2 and had a play with the ACL feature.  After 
adding restrictions to the page TitleBox (like jspwiki.org) pages in the wiki 
(e.g. Main) were no longer editable by users that did not have permission to 
edit TitleBox.  The debug log seems to suggest that the restrictions parsed 
from the TitleBox page are being applied to the Main page (Main has no 
restrictions specified):

2008-05-21 16:20:24,273 [http-8443-1] DEBUG 
com.ecyrd.jspwiki.tags.WikiTagBase.doWikiStartTag  - Inserting page WikiPage 
[JSPWiki:TitleBox,ver=8,mod=Wed May 21 16:18:54 BST 2008]
2008-05-21 16:20:24,273 [http-8443-1] DEBUG 
com.ecyrd.jspwiki.render.RenderingManager.getRenderedDocument  - Re-rendering 
and storing TitleBox::8
2008-05-21 16:20:24,273 [http-8443-1] DEBUG 
com.ecyrd.jspwiki.parser.JSPWikiMarkupParser.handleAccessRule  - page=Main, 
ACL = ALLOW view Authenticated
2008-05-21 16:20:24,273 [http-8443-1] DEBUG 
com.ecyrd.jspwiki.auth.acl.DefaultAclManager.parseAcl  - Adding new acl entry 
for view
2008-05-21 16:20:24,273 [http-8443-1] DEBUG 
com.ecyrd.jspwiki.auth.acl.DefaultAclManager.parseAcl  -   user = 
Authenticated: 
(("com.ecyrd.jspwiki.auth.permissions.PagePermission","JSPWiki:Main","view"))

2008-05-21 16:20:24,273 [http-8443-1] DEBUG 
com.ecyrd.jspwiki.parser.JSPWikiMarkupParser.handleAccessRule  -   user = 
Authenticated: 
(("com.ecyrd.jspwiki.auth.permissions.PagePermission","JSPWiki:Main","view"))

2008-05-21 16:20:24,273 [http-8443-1] DEBUG 
com.ecyrd.jspwiki.parser.JSPWikiMarkupParser.handleAccessRule  - page=Main, 
ACL = ALLOW edit Admin
2008-05-21 16:20:24,273 [http-8443-1] DEBUG 
com.ecyrd.jspwiki.auth.acl.DefaultAclManager.parseAcl  - Adding new acl entry 
for edit
2008-05-21 16:20:24,283 [http-8443-1] DEBUG 
com.ecyrd.jspwiki.auth.acl.DefaultAclManager.parseAcl  -   user = 
Authenticated: 
(("com.ecyrd.jspwiki.auth.permissions.PagePermission","JSPWiki:Main","view"))
  user = Admin: 
(("com.ecyrd.jspwiki.auth.permissions.PagePermission","JSPWiki:Main","edit"))


Am I misunderstanding something here? 
(note: The behaviour appears to be obfuscated by page caching).  

Thanks for any help,

Steve P.

Re: Strange permission behaviour

Posted by Steve Potter <js...@riverbed.demon.co.uk>.

Janne,
Sorry for the delay - a vacation got in the way!

I checked the behaviour on 2.6.3 and the problem appears to be resolved.

Thanks a lot,
	Steve

On Tuesday 03 Jun 2008, Janne Jalkanen wrote:
> Could you take a look at the latest 2.6 branch?  It might be fixed...
>
> /Janne
>
> On 22 May 2008, at 21:04, Steve wrote:
> > I've done some more investigation and it seems that the first
> > reference by
> > another user to a page (containing TitleBox) after TitleBox has
> > been changed
> > causes the page to be re-rendered and the access rules to be re-
> > parsed. It
> > looks to me that JSPWikiMarkupParser.handleAccessRule when it
> > parses the
> > TitleBox access rules is assigning them to the context 'page' (the
> > containing
> > page) rather than the 'realPage' (the TitleBox).  Due to caching,
> > other pages
> > containing TitleBox are not affected.
> >
> > Steve
> >
> > On Wednesday 21 May 2008, Steve wrote:
> >> On Wednesday 21 May 2008, Janne Jalkanen wrote:
> >>>> I recently upgraded to 2.6.2 and had a play with the ACL feature.
> >>>> After
> >>>> adding restrictions to the page TitleBox (like jspwiki.org) pages
> >>>> in the wiki
> >>>> (e.g. Main) were no longer editable by users that did not have
> >>>> permission to
> >>>> edit TitleBox.  The debug log seems to suggest that the
> >>>> restrictions parsed
> >>>> from the TitleBox page are being applied to the Main page (Main
> >>>> has no
> >>>> restrictions specified):
> >>>> Am I misunderstanding something here?
> >>>> (note: The behaviour appears to be obfuscated by page caching).
> >>>
> >>> Do you have page caching on or off?  Because I can't replicate this
> >>> with page caching on...
> >>>
> >>> /Janne
> >>
> >> jspwiki.usePageCache is  true

Re: Strange permission behaviour

Posted by Janne Jalkanen <Ja...@ecyrd.com>.

Could you take a look at the latest 2.6 branch?  It might be fixed...

/Janne

On 22 May 2008, at 21:04, Steve wrote:

> I've done some more investigation and it seems that the first  
> reference by
> another user to a page (containing TitleBox) after TitleBox has  
> been changed
> causes the page to be re-rendered and the access rules to be re- 
> parsed. It
> looks to me that JSPWikiMarkupParser.handleAccessRule when it  
> parses the
> TitleBox access rules is assigning them to the context 'page' (the  
> containing
> page) rather than the 'realPage' (the TitleBox).  Due to caching,  
> other pages
> containing TitleBox are not affected.
>
> Steve
>
> On Wednesday 21 May 2008, Steve wrote:
>> On Wednesday 21 May 2008, Janne Jalkanen wrote:
>>>> I recently upgraded to 2.6.2 and had a play with the ACL feature.
>>>> After
>>>> adding restrictions to the page TitleBox (like jspwiki.org) pages
>>>> in the wiki
>>>> (e.g. Main) were no longer editable by users that did not have
>>>> permission to
>>>> edit TitleBox.  The debug log seems to suggest that the
>>>> restrictions parsed
>>>> from the TitleBox page are being applied to the Main page (Main  
>>>> has no
>>>> restrictions specified):
>>>> Am I misunderstanding something here?
>>>> (note: The behaviour appears to be obfuscated by page caching).
>>>
>>> Do you have page caching on or off?  Because I can't replicate this
>>> with page caching on...
>>>
>>> /Janne
>>
>> jspwiki.usePageCache is  true
>

Re: Strange permission behaviour

Posted by Steve <st...@riverbed.demon.co.uk>.

I've done some more investigation and it seems that the first reference by 
another user to a page (containing TitleBox) after TitleBox has been changed 
causes the page to be re-rendered and the access rules to be re-parsed. It 
looks to me that JSPWikiMarkupParser.handleAccessRule when it parses the 
TitleBox access rules is assigning them to the context 'page' (the containing 
page) rather than the 'realPage' (the TitleBox).  Due to caching, other pages 
containing TitleBox are not affected.

Steve 

On Wednesday 21 May 2008, Steve wrote:
> On Wednesday 21 May 2008, Janne Jalkanen wrote:
> > > I recently upgraded to 2.6.2 and had a play with the ACL feature.
> > > After
> > > adding restrictions to the page TitleBox (like jspwiki.org) pages
> > > in the wiki
> > > (e.g. Main) were no longer editable by users that did not have
> > > permission to
> > > edit TitleBox.  The debug log seems to suggest that the
> > > restrictions parsed
> > > from the TitleBox page are being applied to the Main page (Main has no
> > > restrictions specified):
> > > Am I misunderstanding something here?
> > > (note: The behaviour appears to be obfuscated by page caching).
> >
> > Do you have page caching on or off?  Because I can't replicate this
> > with page caching on...
> >
> > /Janne
>
> jspwiki.usePageCache is  true

Re: Strange permission behaviour

Posted by Steve <st...@riverbed.demon.co.uk>.

On Wednesday 21 May 2008, Janne Jalkanen wrote:
> > I recently upgraded to 2.6.2 and had a play with the ACL feature.
> > After
> > adding restrictions to the page TitleBox (like jspwiki.org) pages
> > in the wiki
> > (e.g. Main) were no longer editable by users that did not have
> > permission to
> > edit TitleBox.  The debug log seems to suggest that the
> > restrictions parsed
> > from the TitleBox page are being applied to the Main page (Main has no
> > restrictions specified):
> > Am I misunderstanding something here?
> > (note: The behaviour appears to be obfuscated by page caching).
>
> Do you have page caching on or off?  Because I can't replicate this
> with page caching on...
>
> /Janne

jspwiki.usePageCache is  true

Re: Strange permission behaviour

Posted by Janne Jalkanen <Ja...@ecyrd.com>.

> I recently upgraded to 2.6.2 and had a play with the ACL feature.   
> After
> adding restrictions to the page TitleBox (like jspwiki.org) pages  
> in the wiki
> (e.g. Main) were no longer editable by users that did not have  
> permission to
> edit TitleBox.  The debug log seems to suggest that the  
> restrictions parsed
> from the TitleBox page are being applied to the Main page (Main has no
> restrictions specified):
> Am I misunderstanding something here?
> (note: The behaviour appears to be obfuscated by page caching).

Do you have page caching on or off?  Because I can't replicate this  
with page caching on...

/Janne