Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: High High
    • Resolution: Fixed
    • Affects Version/s: dev-master
    • Fix Version/s: 5.4.11-rc, 2017.08
    • Component/s: Legacy stack
    • Labels:
      None

      Description

      EZP-27427 introduces a bug where the only group used to load roles is the userid. It should include all groups. In other words inherited roles where not placed in the user cache, affecting methods using this user cache.

        Activity

        Show
        André Rømcke added a comment - Merged: https://github.com/ezsystems/ezpublish-legacy/commit/70a0d8aef56b279dc78f4db4f61752c2b94e85d0
        Hide
        Rui Silva added a comment -

        Douglas Hammond, I'm from QA team and I'm trying to reproduce this issue as part of our certification procedure for a fix.
        These are the steps I've followed to try to reproduce this:

        1. Created a role Role27737 with the following policies:

        Module Function Limitation
        User Login no limitations
        Content View Section(Standard, Media)
        Content Versionview Section(Standard, Media)

        2. Created a User Group ezp27737group and a user ezp27737 inside it;

        3. Assigned User Group ezp27737group to Role Role27737;

        4. Login (in another browser for preventive purposes) as user ezp27737 in admin interface;

        5. I have access to Standard and Media sections (by navigating to the upper links "Content Structure" and "Media", respectively);

        6. I edit my Role Role27737 and change it to the following policies:

        Module Function Limitation
        User Login no limitations
        Content View Section(Standard)
        Content Versionview Section(Standard)

        7. I cannot access "Media" now, as it is corrected and expected.
        I was expecting the issue to be having the user still available to access it because the user not being affected by the Role Change (just the User Group), due to outdated cache.
        Isn't this the problem you describe?

        Show
        Rui Silva added a comment - Douglas Hammond, I'm from QA team and I'm trying to reproduce this issue as part of our certification procedure for a fix. These are the steps I've followed to try to reproduce this: 1. Created a role Role27737 with the following policies: Module Function Limitation User Login no limitations Content View Section(Standard, Media) Content Versionview Section(Standard, Media) 2. Created a User Group ezp27737group and a user ezp27737 inside it; 3. Assigned User Group ezp27737group to Role Role27737; 4. Login (in another browser for preventive purposes) as user ezp27737 in admin interface; 5. I have access to Standard and Media sections (by navigating to the upper links "Content Structure" and "Media", respectively); 6. I edit my Role Role27737 and change it to the following policies: Module Function Limitation User Login no limitations Content View Section(Standard) Content Versionview Section(Standard) 7. I cannot access "Media" now, as it is corrected and expected. I was expecting the issue to be having the user still available to access it because the user not being affected by the Role Change (just the User Group), due to outdated cache. Isn't this the problem you describe?
        Hide
        Douglas Hammond added a comment -

        The issue was the only role being loaded was the user itself while creating the user cache data. When not using cache it worked as expected as the user and it's groups were considered.

        With the fix the user groups are taken into account again wile the user cache data is generated.

        Show
        Douglas Hammond added a comment - The issue was the only role being loaded was the user itself while creating the user cache data. When not using cache it worked as expected as the user and it's groups were considered. With the fix the user groups are taken into account again wile the user cache data is generated.
        Hide
        Rui Silva added a comment -

        Tested and approved by QA for 5.4.

        Show
        Rui Silva added a comment - Tested and approved by QA for 5.4.

          People

          • Assignee:
            Unassigned
            Reporter:
            Douglas Hammond
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: