Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-29899

Current Content version loading can end up loading wrong version under concurrency

    Details

      Description

      Common symptom:
      For not logged in users this will result in login screen, if logged in you'll get permission error or missing content.


      Context:
      In API when loading content in current version, that is done in two steps, first loading content info, then content.

      There are many reports that under concurrency this can lead to wrong version being loaded which makes API check for content/versionread which will throw UnauthorizedException exception.


      Possible solution:

      • Change SPI to allow direct loading of current version, and use that in ContentService
      • 6.13 and up: adapt ContentService::loadContentByContentInfo and Persistence\Cache\ContentHandler::deleteTranslationFromDraft for this

        Issue Links

          Activity

          André Rømcke created issue -
          André Rømcke made changes -
          Field Original Value New Value
          Link This issue relates to CS-6732 [ CS-6732 ]
          André Rømcke made changes -
          Link This issue relates to EZP-28177 [ EZP-28177 ]
          André Rømcke made changes -
          Link This issue relates to EZP-25860 [ EZP-25860 ]
          André Rømcke made changes -
          Link This issue relates to CS-6209 [ CS-6209 ]
          André Rømcke made changes -
          Description Common symptom: *For not logged in users this will result in login screen, if logged in you'll get permission error or missing content.*

          --
          h5. 1. ContentService
          In API when loading content in current version, that is done in two steps, first loading content info, then content.

          There are many reports that under concurrency this can lead to wrong version being loaded which makes API check for {{content/versionread}} which will throw {{UnauthorizedException}} exception.

          h5. 2. SearchService
          Similar issue has been attempted to be solved in Search service before in EZP-28177.


          ----


          This bug is thus about:
          1. Change SPI to allow direct loading of current version, and use that in ContentService
          2. Go over SearchService and identify remaining places where this pattern is used, especially on 5.4 where EZP-28177 was not backported as it was rather large change.




          Common symptom: _For not logged in users this will result in login screen, if logged in you'll get permission error or missing content._

          --
          h5. 1. ContentService
          In API when loading content in current version, that is done in two steps, first loading content info, then content.

          There are many reports that under concurrency this can lead to wrong version being loaded which makes API check for {{content/versionread}} which will throw {{UnauthorizedException}} exception.

          h5. 2. SearchService
          Similar issue has been attempted to be solved in Search service before in EZP-28177.


          ----


          This bug is thus about:
          1. Change SPI to allow direct loading of current version, and use that in ContentService
          2. Go over SearchService and identify remaining places where this pattern is used, especially on 5.4 where EZP-28177 was not backported as it was rather large change.




          André Rømcke made changes -
          Description Common symptom: _For not logged in users this will result in login screen, if logged in you'll get permission error or missing content._

          --
          h5. 1. ContentService
          In API when loading content in current version, that is done in two steps, first loading content info, then content.

          There are many reports that under concurrency this can lead to wrong version being loaded which makes API check for {{content/versionread}} which will throw {{UnauthorizedException}} exception.

          h5. 2. SearchService
          Similar issue has been attempted to be solved in Search service before in EZP-28177.


          ----


          This bug is thus about:
          1. Change SPI to allow direct loading of current version, and use that in ContentService
          2. Go over SearchService and identify remaining places where this pattern is used, especially on 5.4 where EZP-28177 was not backported as it was rather large change.




          Common symptom:
          _For not logged in users this will result in login screen, if logged in you'll get permission error or missing content._

          --
          Context:
          h5. 1. ContentService
          In API when loading content in current version, that is done in two steps, first loading content info, then content.

          There are many reports that under concurrency this can lead to wrong version being loaded which makes API check for {{content/versionread}} which will throw {{UnauthorizedException}} exception.

          h5. 2. SearchService
          Similar issue has been attempted to be solved in Search service before in EZP-28177.

          ----
          Possible solution:
          1. Change SPI to allow direct loading of current version, and use that in ContentService
          2. Go over SearchService and identify remaining places where this pattern is used, especially on 5.4 where EZP-28177 was not backported as it was rather large change.




          André Rømcke made changes -
          Description Common symptom:
          _For not logged in users this will result in login screen, if logged in you'll get permission error or missing content._

          --
          Context:
          h5. 1. ContentService
          In API when loading content in current version, that is done in two steps, first loading content info, then content.

          There are many reports that under concurrency this can lead to wrong version being loaded which makes API check for {{content/versionread}} which will throw {{UnauthorizedException}} exception.

          h5. 2. SearchService
          Similar issue has been attempted to be solved in Search service before in EZP-28177.

          ----
          Possible solution:
          1. Change SPI to allow direct loading of current version, and use that in ContentService
          2. Go over SearchService and identify remaining places where this pattern is used, especially on 5.4 where EZP-28177 was not backported as it was rather large change.




          Common symptom:
          _For not logged in users this will result in login screen, if logged in you'll get permission error or missing content._

          --
          Context:
          In API when loading content in current version, that is done in two steps, first loading content info, then content.

          There are many reports that under concurrency this can lead to wrong version being loaded which makes API check for {{content/versionread}} which will throw {{UnauthorizedException}} exception.


          ----
          Possible solution:
          Change SPI to allow direct loading of current version, and use that in ContentService





          André Rømcke made changes -
          Description Common symptom:
          _For not logged in users this will result in login screen, if logged in you'll get permission error or missing content._

          --
          Context:
          In API when loading content in current version, that is done in two steps, first loading content info, then content.

          There are many reports that under concurrency this can lead to wrong version being loaded which makes API check for {{content/versionread}} which will throw {{UnauthorizedException}} exception.


          ----
          Possible solution:
          Change SPI to allow direct loading of current version, and use that in ContentService





          Common symptom:
          _For not logged in users this will result in login screen, if logged in you'll get permission error or missing content._

          --
          Context:
          In API when loading content in current version, that is done in two steps, first loading content info, then content.

          There are many reports that under concurrency this can lead to wrong version being loaded which makes API check for {{content/versionread}} which will throw {{UnauthorizedException}} exception.


          ----
          Possible solution:
          * Change SPI to allow direct loading of current version, and use that in ContentService
          * 6.13 and up: adapt {{ContentService::loadContentByContentInfo}} and {{Persistence\Cache\ContentHandler::deleteTranslationFromDraft}} for this




          André Rømcke made changes -
          Status Open [ 1 ] Confirmed [ 10037 ]
          André Rømcke made changes -
          Fix Version/s Customer request [ 11018 ]
          André Rømcke made changes -
          Status Confirmed [ 10037 ] Backlog [ 10000 ]
          André Rømcke made changes -
          Status Backlog [ 10000 ] Development [ 3 ]
          Assignee André Rømcke [ andre.romcke@ez.no ]
          André Rømcke made changes -
          Status Development [ 3 ] Development Review done [ 10028 ]
          Fix Version/s 2.4.1 [ 15101 ]
          Fix Version/s 1.7.9 [ 15015 ]
          Fix Version/s 1.13.5 [ 15016 ]
          Fix Version/s 5.4.13 [ 15017 ]
          Fix Version/s 2.3.3 [ 15096 ]
          Assignee André Rømcke [ andre.romcke@ez.no ]
          André Rømcke made changes -
          Status Development Review done [ 10028 ] Documentation Review done [ 10011 ]
          Show
          André Rømcke added a comment - PR: https://github.com/ezsystems/ezpublish-kernel/pull/2502
          Show
          André Rømcke added a comment - Merged: https://github.com/ezsystems/ezpublish-kernel/commit/9d44b532287921a16abe92ec660695555089893e
          Hide
          Maciej Tyrała added a comment -

          QA approved (one and a half month ago ). Closing as fixed.

          Show
          Maciej Tyrała added a comment - QA approved (one and a half month ago ). Closing as fixed.
          Maciej Tyrała made changes -
          Status Documentation Review done [ 10011 ] Closed [ 6 ]
          Resolution Fixed [ 1 ]
          Transition Time In Source Status Execution Times Last Executer Last Execution Date
          Open Open Confirmed Confirmed
          3d 2h 18m 1 André Rømcke 17/Dec/18 5:41 PM
          Confirmed Confirmed Backlog Backlog
          13s 1 André Rømcke 17/Dec/18 5:41 PM
          Backlog Backlog Development Development
          11s 1 André Rømcke 17/Dec/18 5:41 PM
          Development Development Development Review done Development Review done
          36s 1 André Rømcke 17/Dec/18 5:42 PM
          Development Review done Development Review done Documentation Review done Documentation Review done
          10s 1 André Rømcke 17/Dec/18 5:42 PM
          Documentation Review done Documentation Review done Closed Closed
          48d 17h 57m 1 Maciej Tyrała 04/Feb/19 11:40 AM

            People

            • Assignee:
              Unassigned
              Reporter:
              André Rømcke
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: