protector package (was Controlling forum access by group)
protector package (was Controlling forum access by group)
Posted:Fri 06 of Nov, 2009 (16:01 UTC)OK, It looks as if there is a small problem with the protector package. I set a board to be viewable only by members of the editors group. This now seems to block all access to the site. Worse still, if I'm not logged in I can't even log back in to change it. That's right, even the log in page is blocked.
As soon as I do remove the protection then site access is restored.
(Tip for anyone stuck like this - you can hide the package by prefixing the directory name with a '.' )
I guess I'll have to dig into the code a little to see what is going on.
As soon as I do remove the protection then site access is restored.
(Tip for anyone stuck like this - you can hide the package by prefixing the directory name with a '.' )
I guess I'll have to dig into the code a little to see what is going on.
Re: protector package (was Controlling forum access by group)
Posted:Fri 06 of Nov, 2009 (17:21 UTC)Hmmm... digging into the code and looking at the underlying database hasn't helped.
Worse still the test site I tried it on doesn't exhibit the problem. That makes it difficult to debug as the problem site is remote and the network connection is not too good.
FWIW, the site displays the 'Permission denied' screen and all four links (login, register, home page and previous page) throw the same page up. So far it looks like a really neat way of locking the site down
Worse still the test site I tried it on doesn't exhibit the problem. That makes it difficult to debug as the problem site is remote and the network connection is not too good.
FWIW, the site displays the 'Permission denied' screen and all four links (login, register, home page and previous page) throw the same page up. So far it looks like a really neat way of locking the site down
Re: protector package (was Controlling forum access by group)
Posted:Sat 07 of Nov, 2009 (11:06 UTC)OK, there is a bug somewhere
Here is a synopsis of the query sequence:
And at that point it becomes clear that content_id is protected so the error is thrown and the site locked down.
This even happens when trying to log in. I suspect that the reason why my test site works is because there is a lot more data stored and a protected content_id is not appearing in the SELECT FIRST 10.
It seems to be that the call to LibertyComment is redundant at this stage and in any case a fatal error should not be thrown at this point. Unfortunately, I haven't found a way of disabling the call to LibertyComment. It looks as if it is the constructor that is the culprit.
Here is a synopsis of the query sequence:
Q13 - UPDATE stats_pageviews Q14 - SELECT tl.* FROM themes_layouts Q15 - SELECT tl.* FROM themes_layouts Q16 - SELECT FIRST 10 SKIP 0 e.*, ... FROM events e Q17 - SELECT FIRST 1 COUNT( * ) FROM events e Q18 - SELECT FIRST 10 SKIP 0 lcom.* ... FROM liberty_comments lcom ... WHERE lcom.parent_id=ptc.content_id AND (lcgm.content_id IS NULL OR lcgm.group_id IN( -1 ) OR ugm.user_id= -1) Q19 - SELECT FIRST 1 content_type_guid FROM liberty_content WHERE content_id=14 Q20 - SELECT lc.content_id, lcgm.group_id AS is_protected FROM liberty_content lc LEFT JOIN liberty_content_group_map lcgm ON ( lc.content_id=lcgm.content_id ) LEFT OUTER JOIN users_groups_map ugm ON ( ugm.user_id=-1 ) AND ( ugm.group_id=lcgm.group_id ) WHERE lc.content_id = 14
And at that point it becomes clear that content_id is protected so the error is thrown and the site locked down.
This even happens when trying to log in. I suspect that the reason why my test site works is because there is a lot more data stored and a protected content_id is not appearing in the SELECT FIRST 10.
It seems to be that the call to LibertyComment is redundant at this stage and in any case a fatal error should not be thrown at this point. Unfortunately, I haven't found a way of disabling the call to LibertyComment. It looks as if it is the constructor that is the culprit.
Re: protector package (was Controlling forum access by group)
Posted:Sat 07 of Nov, 2009 (16:30 UTC)Where did that go .... I'd posted a reply
Paul - I use protector on all my sites but I do have other packages turned off, so it's not tested with everything.
'enquirysolve.co.uk/wiki/index.php?page=Bassetlaw+District+Council+Site+Information' will show you what you should see, but I presume that you have already had that?
What packages do you have active? And more important is the deafult home page unprotected? So that 'site/bitweaver' actually displays a page. You need something visible to fall back to.
Paul - I use protector on all my sites but I do have other packages turned off, so it's not tested with everything.
'enquirysolve.co.uk/wiki/index.php?page=Bassetlaw+District+Council+Site+Information' will show you what you should see, but I presume that you have already had that?
What packages do you have active? And more important is the deafult home page unprotected? So that 'site/bitweaver' actually displays a page. You need something visible to fall back to.
Re: protector package (was Controlling forum access by group)
Posted:Mon 09 of Nov, 2009 (09:02 UTC)Hi Lester,
I haven't been able to track this down, other than it looks as if the problem _might_ be due to the fact that the site doesn't have much content and messages to the boards seem to be stored as comments. So the query that does the 'SELECT FIRST 10 from lcom.*" hits a test message to the protected board and the code that checks if a comment is protected then throws the error.
If I have time later today I'll try adding 10 dummy comments/messages/whatever and then add a comment to the protected board. That might fool the protector.
Paul
I haven't been able to track this down, other than it looks as if the problem _might_ be due to the fact that the site doesn't have much content and messages to the boards seem to be stored as comments. So the query that does the 'SELECT FIRST 10 from lcom.*" hits a test message to the protected board and the code that checks if a comment is protected then throws the error.
If I have time later today I'll try adding 10 dummy comments/messages/whatever and then add a comment to the protected board. That might fool the protector.
Paul
Re: protector package (was Controlling forum access by group)
Posted:Mon 09 of Nov, 2009 (13:16 UTC)It is possible that 'comments' are not being filtered properly. I mainly use fisheye galleries and content get filtered correctly to that but adding comments may not be setting the liberty_content_group_map entries for them. Although if there ARN'T values for the content_id then the query should default to 'OK' rather than block.
Re: protector package (was Controlling forum access by group)
Posted:Tue 10 of Nov, 2009 (06:08 UTC)Thanks for the pointer.
I just started fresh with new admin board, protected it and then added a message. The admin board itself is in liberty_content_group_map but the message isn't.
I manually added the comments content_id and group_id to the liberty_content_group_map table and everything works.
So, now the question is - what code is needed to make sure that messages to protected boards get added to liberty_content_group_map?
I just started fresh with new admin board, protected it and then added a message. The admin board itself is in liberty_content_group_map but the message isn't.
I manually added the comments content_id and group_id to the liberty_content_group_map table and everything works.
So, now the question is - what code is needed to make sure that messages to protected boards get added to liberty_content_group_map?
Re: protector package (was Controlling forum access by group)
Posted:Tue 10 of Nov, 2009 (08:33 UTC)I just turned the SQL debugging on to confirm - the call to LibertyProtector::storeProtection just gets completely missed when storing a new message to a protected board.
There is this test at the start of storeProtection:
which fails because ['protector']['group_id'] has not been added to the pParamHash.
Unfortunately I don't know the code well enough to work out where to fix this.
Should I log this as a bug?
There is this test at the start of storeProtection:
if( @BitBase::verifyId( $pParamHash['protector']['group_id'] ) )
which fails because ['protector']['group_id'] has not been added to the pParamHash.
Unfortunately I don't know the code well enough to work out where to fix this.
Should I log this as a bug?
Re: protector package (was Controlling forum access by group)
Posted:Wed 11 of Nov, 2009 (07:22 UTC)Paul
I'll have a look at this later. THAT should come automatically from the services interface, so that the selection dropdown is added to the edit page, but this may be missing somewhere in the sequence. I've no actually USED boards yet, but I'll try and set one one here and check it out better.
Since you have a protected board, this value SHOULD be a copy of the one used by the board item. That is how it works with galleries and files in galleries.
I'll have a look at this later. THAT should come automatically from the services interface, so that the selection dropdown is added to the edit page, but this may be missing somewhere in the sequence. I've no actually USED boards yet, but I'll try and set one one here and check it out better.
Since you have a protected board, this value SHOULD be a copy of the one used by the board item. That is how it works with galleries and files in galleries.
Re: protector package (was Controlling forum access by group)
Posted:Wed 11 of Nov, 2009 (16:35 UTC)paul - I'm playing with 2.7 - with protector added rather than gatekeeper, but I've not found the problem you are seeing. I've created a visible board and one only visible to registered users, and while not logged in I just see the open one.
There is a problem which is due to the fact that the protection setting is NOT being applied to the comment records, so ALL are visible from recent posts and from view content. I need to get the posts to update
liberty_content_group_map based on the board setting to fully hide the content.
I have to presume now that we have a database specific problem since this is sort of working on Firebird. I suspect that simply fixing the underlying problem may sort it anyway if I can work out how to pass the protector setting onto the comment record.
There is a problem which is due to the fact that the protection setting is NOT being applied to the comment records, so ALL are visible from recent posts and from view content. I need to get the posts to update
liberty_content_group_map based on the board setting to fully hide the content.
I have to presume now that we have a database specific problem since this is sort of working on Firebird. I suspect that simply fixing the underlying problem may sort it anyway if I can work out how to pass the protector setting onto the comment record.
Boards Home
Loading…