  1. eZ Publish / Platform
  2. EZP-20844

Anonymous group needs to have access to section/view policy

    Details

      Description

      While testing https://confluence.ez.no/display/EZP/View+provider+configuration using the "Identifier\Section" matcher I found out that if the anonymous group doesn't have access to the section/view policy, Twig will throw an exception with the following error:

      [2013-05-09 10:54:24] app.NOTICE: Siteaccess not matched against configuration, returning default siteaccess. [] []
      [2013-05-09 10:54:24] app.INFO: Router eZ\Bundle\EzPublishCoreBundle\Routing\DefaultRouter was not able to match, message "" [] []
      [2013-05-09 10:54:24] app.INFO: UrlAlias matched location #2. Forwarding to ViewController [] []
      [2013-05-09 10:54:24] request.INFO: Matched route "ez_urlalias" (parameters: "_route": "ez_urlalias", "_controller": "ezpublish.controller.content.view:viewLocation", "locationId": "2", "viewType": "full", "layout": "true") [] []
      [2013-05-09 10:54:24] app.DEBUG: Checking secure context token:  [] []
      [2013-05-09 10:54:24] app.DEBUG: Trying to pre-authenticate user "-1" [] []
      [2013-05-09 10:54:24] app.INFO: Authentication success: PreAuthenticatedToken(user="anonymous", authenticated=false, roles="") [] []
      [2013-05-09 10:54:24] request.CRITICAL: Uncaught PHP Exception eZ\Publish\Core\Base\Exceptions\UnauthorizedException: "User does not have access to 'view' 'section'" at /var/www/apache2php53/ezp/vendor/ezsystems/ezpublish-kernel/eZ/Publish/Core/Repository/SectionService.php line 192 [] []
      [2013-05-09 10:54:24] security.DEBUG: Write SecurityContext in the session [] []
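
Log triage for the failure shown above, added here as an example; it is not part of the original report or of eZ Publish. It pairs each `UnauthorizedException` with the most recently authenticated user and reports the missing policy as module/function. The name `find_denials` and the pairing rule (one request at a time, as in the excerpt) are assumptions.

```python
import re

# Three lines copied from the log excerpt in the report above.
SAMPLE_LOG = r'''[2013-05-09 10:54:24] app.INFO: UrlAlias matched location #2. Forwarding to ViewController [] []
[2013-05-09 10:54:24] app.INFO: Authentication success: PreAuthenticatedToken(user="anonymous", authenticated=false, roles="") [] []
[2013-05-09 10:54:24] request.CRITICAL: Uncaught PHP Exception eZ\Publish\Core\Base\Exceptions\UnauthorizedException: "User does not have access to 'view' 'section'" at /var/www/apache2php53/ezp/vendor/ezsystems/ezpublish-kernel/eZ/Publish/Core/Repository/SectionService.php line 192 [] []'''

# Monolog line layout as it appears in the excerpt: [timestamp] channel.LEVEL: message
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] (?P<channel>\w+)\.(?P<level>[A-Z]+): (?P<msg>.*)$")
AUTH_RE = re.compile(r'Authentication success: \w+\(user="(?P<user>[^"]*)"')
DENY_RE = re.compile(
    r"UnauthorizedException: \"User does not have access to "
    r"'(?P<function>[^']+)' '(?P<module>[^']+)'\" at (?P<file>\S+) line (?P<line>\d+)"
)

def find_denials(log_text):
    """Return one dict per uncaught UnauthorizedException in the log text."""
    findings, last_user = [], None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # stack-trace continuation lines, blanks, other formats
        auth = AUTH_RE.search(m["msg"])
        if auth:
            # Assumption: requests are not interleaved, so the last
            # authenticated user is the one that triggered the exception.
            last_user = auth["user"]
            continue
        deny = DENY_RE.search(m["msg"])
        if deny and m["level"] == "CRITICAL":
            findings.append({
                "timestamp": m["ts"],
                "user": last_user,
                "policy": f"{deny['module']}/{deny['function']}",
                "source": f"{deny['file']}:{deny['line']}",
            })
    return findings

if __name__ == "__main__":
    for finding in find_denials(SAMPLE_LOG):
        print(finding)
```

On a log with concurrent requests the user attribution needs a per-request key, which this log format does not carry.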
      

          Activity

          André Rømcke added a comment - - edited

          The title is wrong, in legacy Anonymous did not have to have access to such things to be able to do override rules.
          So this is a design issue (permissions should not be checked for this), not a default policy issue.

          Jérôme Vieilledent (Inactive) added a comment - Pull-request: https://github.com/ezsystems/ezpublish-kernel/pull/363
          Jérôme Vieilledent (Inactive) added a comment - Fixed in master: https://github.com/ezsystems/ezpublish-kernel/commit/1d6be8d2a3771ce2ab15e8b5f9b69a448769d577
          Pedro Resende (Inactive) added a comment -

          While testing this I think I found a new issue related to cache.

          Steps

          1. Add a new section (i.e. private)
          2. Add a Folder and a new article inside
          3. Change article section to private
          4. Access the frontpage and verify the folder is present but the article isn't
          5. Allow anonymous user to Content/Read/Section( Standard, Private )
          6. Access the frontpage and verify the folder is present but the article isn't, when it should be
          7. Clear Symfony cache
          8. The Article becomes available and you can click it
          9. Remove anonymous user access to Private section
          10. Try to access the article
          11. You'll get a "TwigBundle:Exception:error500.html.twig"

          Pedro Resende (Inactive) added a comment - - edited

          Stack Trace attached

          Jérôme Vieilledent (Inactive) added a comment -

          [~pedro.resende@ez.no]: You remove access to anonymous user and you are surprised that you are denied the access? This is perfectly normal and expected!
          I acknowledge that this kind of issue should be caught (and this has been reported in another issue: EZP-20782), but it's completely unrelated.

          Pedro Resende (Inactive) added a comment - New issue created https://jira.ez.no/browse/EZP-20880

            People

            • Assignee: Unassigned
            • Reporter: Pedro Resende (Inactive)