Forums / Setup & design / Insuff. permissions on anonym. login after adding section

Insuff. permissions on anonym. login after adding section

Author Message

Valentin Svelland

Wednesday 02 January 2008 2:28:19 am

I'm setting up an eZp 3.9.4 installation with multiple sites, and was just about to go live when I decided to duplicate role "Editor" to create a new role which only show necessary subtree for each site's editors.

Anyway, I also created a new section in this process (id=7), and then things suddenly went wrong. I haven't touched the anonymous user, and still the site is complaining on insufficient permissions when shown without being logged on.

(Yes, I did add the new siteaccesses to my anonymous-role - and this worked perfectly fine until my new section was created)

This is the debug:

Insufficient permissions 
Function required:
 Module : content
 Function : read
 ClassID : 23
 MainNodeID : 173
Policies that didn't match:
 PolicyID : p_507
  Limitation : Section
  Required : 1, 
 PolicyID : p_512
  Limitation : Class
  Required : 29, 30, 31, 32, 33, 40, 
 PolicyID : p_516
  Limitation : Section
  Required : 4, 

 

All this seems very odd, any suggestions? By the way, I'm not allowed to delete my new section although this is no longer related to any users or roles.

------------------------
I made eZ run on www.eigersund.kommune.no, bjerkreim.kommune.no, lund.kommune.no and sokndal.kommune.no. Municipalities should use open source!

Valentin Svelland

Wednesday 02 January 2008 2:47:18 am

Found a solution:
I reassigned the section "Standard" to the top node of the content tree (to newbies: you need to navigate one level up using the little folder-top-arrow), flushed the cache and all was well - hopefully..

Can't say I like this behaviour in eZp: It seems it was my new section (section id=7) that started this trouble. Is this a bug?

This issue could be related to this forum posting:
http://ez.no/developer/forum/setup_design/role_caching_problem

PS! Happy New Year by the way!

------------------------
I made eZ run on www.eigersund.kommune.no, bjerkreim.kommune.no, lund.kommune.no and sokndal.kommune.no. Municipalities should use open source!

Nicolas Lescure

Wednesday 02 January 2008 4:22:33 am

When you create a new section, it is considered as "private". You have to allow anonymous users to read it.
In "roles and policies", give them something like that : "content read Section( YourSection )"

Valentin Svelland

Thursday 03 January 2008 1:13:18 am

Hi, yes that's true. What I didn't expect was that assigning a subtree to a new section would strip it from its relation to the original section. I actually had to reassign both the "Standard" and the section "Restricted" to my member area as well, to return my site to the original state.

Now I'm setting up the necessary access limitation through the use of roles alone.

------------------------
I made eZ run on www.eigersund.kommune.no, bjerkreim.kommune.no, lund.kommune.no and sokndal.kommune.no. Municipalities should use open source!

Laurent BOURREL

Thursday 03 January 2008 1:40:53 am

Hi Valentin,

You're right, you can't assign several sections to an object.

By the way, the session are related to the object and not to the node. It seems that if you have a multi-location content, you can't have one section by location.

Hope this helps...
Laurent