Affects Version/s: 4.4.0, 4.5.0, 4.6.0, 4.7.0, 5.0, 2013.4, 5.1
eZPublish 5.1.0alpha1 (5.1.0alpha1) legacy stack only, DFS Cluster, PHP 5.4.7, CentOS 6.3, MySQL 5.5
We've got a setup with 5.1.0alpha1 legacy stack and DFS Cluster. In addition to this we setup some objectstates like "online", "offline", "in queue". As long as the article is "in queue" or "offline" anonymous users have no read permission to this and get an "eZError::KERNEL_ACCESS_DENIED".
No problem so far, but when we switch the state to "online" and clear the contentcache the access is still denied for anonymous.
I started to debug this issue and find an interesting combination bug for clustered setups and user permissions.
In case of when the user have read permission to the currently viewed node an array with ['content', 'scope', 'store', 'binarydata'] is returned, but when there is no read permission at the moment self::contentViewGenerateError is called which return an array with only ['content', 'store', 'binarydata'].
The scope => 'viewcache' is missing in this array. This causes a wrong INSERT query in dfsbackends/mysqli.php with no scope and wrong name_trunk set.
In case of content cache clear all the rows are update equals to
name_trunk = var/site/cache/content/sa/3/5/9/35935-
this not matches the incorrectly generated rows with UNKNOWN_SCOPE and wrong name_trunk. So the cache is still presented as not expired as long as I do not clear all the caches.
To fix this issue only one thing is todo:
The pull request is coming soon.