Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-25458

Wrong generate query when using multiple policies

    Details

    • Type: Bug Bug
    • Status: Open
    • Priority: High High
    • Resolution: Unresolved
    • Affects Version/s: 2015.12.1
    • Fix Version/s: None
    • Component/s: Permissions
    • Labels:
      None

      Description

      Hi Guys,

      When you have multiple policy line with limitations, seems the query generate by eZ is wrong.

      Step to reproduce:

      • create a new section, create an article and assign this section
      • edit anonymous roles (contains content / read / section ( 1, 3 ) by default)
      • add a new policy: content, read, Section( id_of_new_section )
      • save

      I've tried with a REST call using views:

      • create a view call
      • using criteria: ContentTypeIdentifierCriterion on article and SectionIdentifierCriterion: 'iidentifier_of_your_section'

      eZ returns no result.

      Problem is on the searchService, on method internalFindContentInfo() (eZ/Publish/Core/Repository/SearchService.php line 96)
      On this method, the script call addPermissionsCriterion() which modify your query->filter. Something is wrong behind this one.

      A criterion covering policies is added to the query, with a LogicalOr(). But only the first content/read policy (the one by default in the anonymous role) is there, not the one we have added.

      The consequence is that the expected content is not returned, since the section we have permissions for is not in the criteria.

      Query received (first step on REST API):

      object(eZ\Publish\API\Repository\Values\Content\Query)[896]
        public 'filter' => 
          object(eZ\Publish\API\Repository\Values\Content\Query\Criterion\LogicalAnd)[892]
            public 'criteria' => 
              array (size=2)
                0 => 
                  object(eZ\Publish\API\Repository\Values\Content\Query\Criterion\ContentTypeId)[845]
                    public 'operator' => string '=' (length=1)
                    public 'value' => 
                      array (size=1)
                        0 => int 16
                    public 'target' => null
                    public 'valueData' => null
                1 => 
                  object(eZ\Publish\API\Repository\Values\Content\Query\Criterion\SectionId)[890]
                    public 'operator' => string '=' (length=1)
                    public 'value' => 
                      array (size=1)
                        0 => int 7
                    public 'target' => null
                    public 'valueData' => null
            public 'operator' => null
            public 'value' => null
            public 'target' => null
            public 'valueData' => null
        public 'query' => null
        public 'sortClauses' => 
          array (size=0)
            empty
        public 'facetBuilders' => 
          array (size=0)
            empty
        public 'offset' => int 0
        public 'limit' => int 25
        public 'spellcheck' => null
        public 'performCount' => boolean true
      

      Query generated by eZ before sending it to the SearchService :

      object(eZ\Publish\API\Repository\Values\Content\Query)[896]
        public 'filter' => 
          object(eZ\Publish\API\Repository\Values\Content\Query\Criterion\LogicalAnd)[892]
            public 'criteria' => 
              array (size=3)
                0 => 
                  object(eZ\Publish\API\Repository\Values\Content\Query\Criterion\ContentTypeId)[845]
                    public 'operator' => string '=' (length=1)
                    public 'value' => 
                      array (size=1)
                        0 => int 16
                    public 'target' => null
                    public 'valueData' => null
                1 => 
                  object(eZ\Publish\API\Repository\Values\Content\Query\Criterion\SectionId)[890]
                    public 'operator' => string '=' (length=1)
                    public 'value' => 
                      array (size=1)
                        0 => int 7
                    public 'target' => null
                    public 'valueData' => null
                2 => 
                  object(eZ\Publish\API\Repository\Values\Content\Query\Criterion\LogicalOr)[907]
                    public 'criteria' => 
                      array (size=2)
                        0 => 
                          object(eZ\Publish\API\Repository\Values\Content\Query\Criterion\SectionId)[903]
                            public 'operator' => string 'in' (length=2)
                            public 'value' => 
                              array (size=2)
                                0 => string '3' (length=1)
                                1 => string '1' (length=1)
                            public 'target' => null
                            public 'valueData' => null
                        1 => 
                          object(eZ\Publish\API\Repository\Values\Content\Query\Criterion\LogicalAnd)[910]
                            public 'criteria' => 
                              array (size=2)
                                0 => 
                                  object(eZ\Publish\API\Repository\Values\Content\Query\Criterion\ContentTypeId)[908]
                                    public 'operator' => string 'in' (length=2)
                                    public 'value' => 
                                      array (size=4)
                                        0 => string '27' (length=2)
                                        1 => string '35' (length=2)
                                        2 => string '37' (length=2)
                                        3 => string '26' (length=2)
                                    public 'target' => null
                                    public 'valueData' => null
                                1 => 
                                  object(eZ\Publish\API\Repository\Values\Content\Query\Criterion\SectionId)[909]
                                    public 'operator' => string '=' (length=1)
                                    public 'value' => 
                                      array (size=1)
                                        0 => string '3' (length=1)
                                    public 'target' => null
                                    public 'valueData' => null
                            public 'operator' => null
                            public 'value' => null
                            public 'target' => null
                            public 'valueData' => null
                    public 'operator' => null
                    public 'value' => null
                    public 'target' => null
                    public 'valueData' => null
            public 'operator' => null
            public 'value' => null
            public 'target' => null
            public 'valueData' => null
        public 'query' => null
        public 'sortClauses' => 
          array (size=0)
            empty
        public 'facetBuilders' => 
          array (size=0)
            empty
        public 'offset' => int 0
        public 'limit' => int 25
        public 'spellcheck' => null
        public 'performCount' => boolean true
      

        Activity

        Hide
        André Rømcke added a comment -

        Did you try clearing persistence cache?

        Show
        André Rømcke added a comment - Did you try clearing persistence cache?
        Hide
        Bertrand Dunogier added a comment -

        Behat scenario version, approved by Philippe Vincent-Royol:

        Given I have a role that has two content/read policies, each limited to a Section
          and there are content items in both sections
         when I search for content
         then the results should contain items from both sections
        

        Show
        Bertrand Dunogier added a comment - Behat scenario version, approved by Philippe Vincent-Royol : Given I have a role that has two content/read policies, each limited to a Section and there are content items in both sections when I search for content then the results should contain items from both sections
        Hide
        Rui Silva (Inactive) added a comment -

        Hello, Philippe Vincent-Royol, when you say on this jira description:

        I've tried with a REST call using views:
        create a view call
        using criteria: ContentTypeIdentifierCriterion on article and SectionIdentifierCriterion: 'iidentifier_of_your_section'

        what exactly are you referring to?
        Can you provide specific detailed steps / context on this part, for us to try and reproduce this?
        Thanks,
        Rui Silva

        Show
        Rui Silva (Inactive) added a comment - Hello, Philippe Vincent-Royol , when you say on this jira description: I've tried with a REST call using views: create a view call using criteria: ContentTypeIdentifierCriterion on article and SectionIdentifierCriterion: 'iidentifier_of_your_section' what exactly are you referring to? Can you provide specific detailed steps / context on this part, for us to try and reproduce this? Thanks, Rui Silva
        Show
        Philippe Vincent-Royol added a comment - Hi Rui, I'm talking about this: https://github.com/ezsystems/ezpublish-kernel/blob/master/doc/specifications/rest/REST-API-V2.rst#user-content-create-view
        Hide
        André Rømcke added a comment - - edited

        Might be related to recently fixed EZP-26476.

        Show
        André Rømcke added a comment - - edited Might be related to recently fixed EZP-26476 .

          People

          • Assignee:
            Unassigned
            Reporter:
            Philippe Vincent-Royol
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated: