Edit detail for #843 Invisible issues in Tracker (permissions problem) revision 1 of 1

1
Editor: simon
Time: 2006/10/03 08:13:21 GMT+0
Note: revert

changed:
-
I've got a user with local role 'GroupMember' set for folder 'test'. Inside 'test' folder I had set up IssueTracker.

After I change 'view' permission for 'test' to allow viewing only to 'GroupMember' and 'Manager' strange things happen:

My user is still able to get into 'test' folder, and to add/edit ZWikiPages, he can also view issues in tracker but the problem is that he is not allowed to add new issue. It means - user can add issue, and this issue is created inside 'test' folder, but is never shown in tracker. 

When user points his browser to this issue it is shown to him, so permissions are correct, but issue is still not included in tracker.

Everything works fine when I set 'view' permission on 'test' also for 'Member' (for new issues - older ones are still not shown). But this is not what I want. ('test' is inside Plone site, and ZWiki version is 0.31).

From simon Tue Jun 8 10:56:38 -0700 2004
From: simon
Date: Tue, 08 Jun 2004 10:56:38 -0700
Subject: VERBOSE SECURITY
Message-ID: <[email protected]>

I would install VerboseSecurity to troubleshoot this. :)

Make sure that user also has 'Access contents information' permission.

From unknown Tue Jun 8 11:47:12 -0700 2004
From: 
Date: Tue, 08 Jun 2004 11:47:12 -0700
Subject: VERBOSE SECURITY
Message-ID: <[email protected]>
In-Reply-To: <[email protected]>

I've got VerboseSecurity, but there is no error reported! User clicks add, page is reloaded and.. tracker shows the same state as previously (and it's not caching problem :) ). Issues are silently generated, but not shown in tracker, what's more - each issue generated this way has the same number for example: IssueNo0007XX, IssueNo0007YY, IssueNo0007ZZ etc.

The user has 'Access contents information' permission (it is set for GroupMember and for Member, Manager etc.). I have tried to diagnose this problem and diagnosis said that something is wrong with 'View' permission (behavior described earlier).

From eXt Thu Jun 10 05:34:26 -0700 2004
From: eXt
Date: Thu, 10 Jun 2004 05:34:26 -0700
Subject: digging
Message-ID: <[email protected]>

The same problem appeared when I tried to use backlinksFor, and pageNames (from dtml). What's more I've found the same behaviour (disappearing portal content - in this case Folders) with mxmWorkgroups. So I suppose that this is not ZWiki's fault :) but it's Plone's fault :(. Probably it is related to catalog - although this problem is very dynamic I had a repeatable situation - after I updated catalog its content has disappeared (was not visible for users with local roles, but was visible for users with global roles). Then I copied/pasted such broken folder.. and everything was ok. Then updated catalog and again - the same problem.. etc.

From eXt Thu Jun 10 05:37:37 -0700 2004
From: eXt
Date: Thu, 10 Jun 2004 05:37:37 -0700
Subject: It's Plone :( not ZWiki :)
Message-ID: <[email protected]>

Status: open => closed 


Submitted by : 127.0.0.1 at: 2004-06-08T04:42:19+00:00 (16 years ago)

I've got a user with local role GroupMember set for folder test. Inside test folder I had set up IssueTracker.

After I change view permission for test to allow viewing only to GroupMember and Manager strange things happen:

My user is still able to get into test folder, and to add/edit ZWikiPages, he can also view issues in tracker but the problem is that he is not allowed to add new issue. It means - user can add issue, and this issue is created inside test folder, but is never shown in tracker.

When user points his browser to this issue it is shown to him, so permissions are correct, but issue is still not included in tracker.

Everything works fine when I set view permission on test also for Member (for new issues - older ones are still not shown). But this is not what I want. (test is inside Plone site, and ZWiki version is 0.31).


comments:

VERBOSE SECURITY --simon, Tue, 08 Jun 2004 10:56:38 -0700
I would install VerboseSecurity to troubleshoot this. :)

Make sure that user also has Access contents information permission.

VERBOSE SECURITY -- Tue, 08 Jun 2004 11:47:12 -0700
I've got VerboseSecurity, but there is no error reported! User clicks add, page is reloaded and.. tracker shows the same state as previously (and it's not caching problem :) ). Issues are silently generated, but not shown in tracker, what's more - each issue generated this way has the same number for example: IssueNo0007XX, IssueNo0007YY, IssueNo0007ZZ etc.

The user has Access contents information permission (it is set for GroupMember and for Member, Manager etc.). I have tried to diagnose this problem and diagnosis said that something is wrong with View permission (behavior described earlier).

digging --eXt, Thu, 10 Jun 2004 05:34:26 -0700
The same problem appeared when I tried to use backlinksFor, and pageNames (from dtml). What's more I've found the same behaviour (disappearing portal content - in this case Folders) with mxmWorkgroups. So I suppose that this is not ZWiki's fault :) but it's Plone's fault :(. Probably it is related to catalog - although this problem is very dynamic I had a repeatable situation - after I updated catalog its content has disappeared (was not visible for users with local roles, but was visible for users with global roles). Then I copied/pasted such broken folder.. and everything was ok. Then updated catalog and again - the same problem.. etc.

It's Plone :( not ZWiki :) --eXt, Thu, 10 Jun 2004 05:37:37 -0700
Status: open => closed