Access denied problem - digging into it

Thomas Brandl

Tuesday 29 July 2003 1:13:11 am

Hi everybody!

As I have some problems with the anonymous access to my site, I encountered this (buggy) behaviour:

/admin/role/list/ -> Clicking "Anonymous" [Edit]
What I see is:
-------------------------------
user : login : *
content : read : *
-------------------------------

going back and choosing "Assign" and selecting "Anonymous User" I see totally different role policies:

-------------------------------
user : login : *
content : read : Class( Folder , Info page , Info page , Link , Link , File , File , Comment , Comment , Article , Article , Image , Image , Product , Product )
-------------------------------

Notice the classes listed twice.

I edited the role once again and granted access to "Class( Folder , Info page , Link , File , Comment , Referenz , Kontakt , Article , Image , Product )"

The changes seemed committed, BUT:
/admin/role/list/ -> Clicking "Anonymous" [Edit] shows me:

-------------------------------
content : read : *
-------------------------------

And, even worse,
/admin/role/list/ -> Clicking "Anonymous" [Assign], assigning "Anonymous User" shows me:
content : read : * Class( Folder , Info page , Link , File , Comment , Referenz , Kontakt , Article , Image , Product )

Notice the "*" at the beginning.

I tried then to delete the "content" policy: It disappeared within the edit-section, but the policy shown after assigning the role showed me the old grants. And more: the rights still existed, anonymous had all access to content : read!

So I got two major problems: I have two different policy views, depending on whether I choose edit or view the role after I have assigned it to a User/User-Group.
And it seems edit does not really commit changes properly.

This applies to 3.1-1 Revision: 2703

I regard this as a huge problem and it would be great if we could figure out if this is my personal problem or if others also experience problems in that case. So please play around with it for a second and post your results!

Thanks a lot!

regards, Thomas

David Barker

Tuesday 29 July 2003 4:36:40 pm

Hey!
I could do with info on this... I just tried to allow one of my classes to be read by an anonymous user but it didn't make a difference when I tried!!

Thanks,
Dave

Thomas Brandl

Friday 01 August 2003 1:28:13 am

some "it's workin for me, so what's your problem dude?" would also be ok! Maybe it's been fixed in a later revision? Somebody have some info on this?

Thanks!

Esben Maaløe

Saturday 02 August 2003 4:08:35 am

Sometimes I get a cached version of the permission page. Try reloading when you see a page that definitely seems wrong. Also when you edit permission - REMEMBER to click 'Store'.

It seems that it will hold on to your edits - but not apply them before you click store. So sometimes you have the actual permissions - and when you click edit you see a totally different set of perms (namely the ones you set up when you last edited without clicking store).

Thomas Brandl

Tuesday 05 August 2003 8:09:38 am

Hi Esben,

I have even tried to delete the cache after virtually every click.
The thing is, I don't want to upgrade my Linux Box to a version that supports svn, install svn, get the latest snapshot just to see that I'm still having the same problem afterwards.

Again, my version is 3.1-1 Revision: 2703.

Can anyone confirm, that this problem is not current anymore with a version > Rev. 2703?

Esben, you said sometimes you get a cached page with wrong policies? What version do you use?

I have absolutely no problems with bugs or unexpected behaviour, but if this one should not run smoothly, I would definitely prioritise this topic!

BTW: my current state is this: User Anonymous has NO rights at all at the moment, and can even access admin area - not able to change anything though ... not a caching problem, have deleted it a million times...

I simply want to find out, if the horrible bug is still in there or not, and if yes, make everyone aware of it and place on no. 1 of the todo list.

Just imagine this would be a live site I'd be working on and I would not be able to close down my clients area for anonymous users - I'd have to shut down my whole site - even worse - I wouldn't even realize the problem, because admin says "Anonymous has no rights at all!"

So come on girls, gimme a status ;)
cheers
Tom

Jan Åge Johnsen

Monday 22 September 2003 7:06:56 am

I have the same problem in ez 3.2, has anybody looked into it?

Lachy Laycock

Saturday 01 November 2003 9:34:08 am

I have the same problem on 3.2 as well, I cannot restrict the anonymous user from sections... this seems to me to be quite a serious issue, why isn't there more discussion on this topic?

Lachy Laycock

Saturday 01 November 2003 9:50:53 am

what is just as confusing is if i completely remove all traces of the anonymous user and associated roles, then i can still have read access to the site!

Should this be?

bun taing

Tuesday 11 May 2004 6:09:33 am

I have the same problem. It seems to happen with Intranet setup; when I set up Corporate it works fine.
