Forums / General / Access denied problem - diggin into it

Access denied problem - diggin into it

Author Message

Thomas Brandl

Tuesday 29 July 2003 1:13:11 am

Hi everybody!

As I have some problems with the anonymous access to my site, I encountered this (buggy) behaviour:

/admin/role/list/ -> Clicking "Anonymous" [Edit]
What I see is:
-------------------------------
user : login : *
content : read : *
-------------------------------

going back and choosing "Assign" and selecting "Anonymous User" I see totally different role policies:

-------------------------------
user : login : *
content : read : Class( Folder , Info page , Info page , Link , Link , File , File , Comment , Comment , Article , Article , Image , Image , Product , Product )
-------------------------------

Notice the classes listed twice.

I edited the role once again and granted access to "Class( Folder , Info page , Link , File , Comment , Referenz , Kontakt , Article , Image , Product )"

The changes seemed commited, BUT:
/admin/role/list/ -> Clicking "Anonymous" [Edit] shows me:

-------------------------------
content : read : *
-------------------------------

And, even worse,
/admin/role/list/ -> Clicking "Anonymous" [Assign], assigning "Anonymous User" shows me:
content : read : * Class( Folder , Info page , Link , File , Comment , Referenz , Kontakt , Article , Image , Product )

Notice the "*" at the beginning.

I tried then to delete the "content" policy: It disappeared within the edit-section, but the policy shown after assigning the role showed me the old grants. And more: the rights still existed, anonymous had all access to content : read!

So I got two major problems: I have two different policy views, depending on wheter I choose edit or view the role after I have assigned it to a User/User-Group.
And it seems edit does not really commit changes properly.

This applies to 3.1-1 Revision: 2703

I regard this as a huge problem and it would be great if we could figure out if this is my personal problem or if others also experience problems in that case. So please play around with it for a second and post your results!

Thanks a lot!

regards, Thomas

David Barker

Tuesday 29 July 2003 4:36:40 pm

Hey!
I could do with info on this... I just tried to allow one of my classes to be read by an anonymous user but it didn't make a different when I tried!!

Thanks,
Dave

Thomas Brandl

Friday 01 August 2003 1:28:13 am

some "it's workin for me, so what's your problem dude?" would also be ok! Maybe it's been fixed in a later revision? Somebody have some info on this?

Thanks!

Esben Maaløe

Saturday 02 August 2003 4:08:35 am

Sometimes I get a cached version of the permission page. Try reloading when you see a page that definately seems wrong. Also when you edit permission - REMEMBER to click 'Store'.

It seems that it will hold on to your edits - but not apply them before you click store. So sometimes you have the actual permissions - and when you click edit you see a totally different set of perms (namely the ones you set up when you last edited without clicking store).

Thomas Brandl

Tuesday 05 August 2003 8:09:38 am

Hi Esben,

I have even tried to delete the cache after virtually every click.
The thing is, I don't want to upgrade my Linux Box to a version that supports svn, install svn, get the latest snapshot just to see that I'm still having the same problem afterwards.

Again, my version is 3.1-1 Revision: 2703.

Can anyone confirm, that this problem is not current anymore with a version > Rev. 2703?

Esben, you said sometimes you get a cached page with wrong policies? What version do you use?

I have absolutely no problems with bugs or unexpected behaviour, but if this one should not run smoothly, I would definitely prioritise this topic!

BTW: my current state is this: User Anonymous has NO rights at all in the moment, and can even access admin area - not able to change anything though ... not a caching problem, have deleted it a million times...

I simply want to find out, if the horrible bug is still in there or not, and if yes, make everyone aware of it and place on no. 1 of the todo list.

Just image this would be a live site I'd be working on and I would not be able to close down my clients area for anonymous users - I'd have to shut down my whole site - even worse - I wouldn't even realize the problem, because admin says "Anonymous has no rights at all!"

So come on girls, gimme a status ;)
cheers
Tom

Jan Åge Johnsen

Monday 22 September 2003 7:06:56 am

I have the same problem in ez 3.2, have anybody looked intro it ?

Lachy Laycock

Saturday 01 November 2003 9:34:08 am

I have the same problem on 3.2 as well, I cannot restrict the anonymous user from sections... this seems to me to be quite a serious issue, why isn't there more discussion on this topic?

Lachy Laycock

Saturday 01 November 2003 9:50:53 am

what is just as confusing is if i completely remove all all traces of the anonymous user and associated roles, then i can still have read access to the site!

Should this be?

bun taing

Tuesday 11 May 2004 6:09:33 am

I have the save problem. It seems to happen with Intranet setup when I setup Corporate it work fine.