[jira] Commented: (JSPWIKI-352) page ACLs seem to get mixed up in special cases

Wed, 20 Aug 2008 12:11:46 -0700 

    [ 
https://issues.apache.org/jira/browse/JSPWIKI-352?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12624101#action_12624101
 ] 

Florian Holeczek commented on JSPWIKI-352:
------------------------------------------

Ok, I'll have a look at it.

Maybe you can't replicate it because you have too much access rights? 
Administrators can edit a page despite this bug. Also, the bug doesn't appear 
when using a security policy, in which everyone may edit a page.

I could even replicate it on sandbox.jspwiki.org, and it's still there at the 
moment.

> page ACLs seem to get mixed up in special cases
> -----------------------------------------------
>
>                 Key: JSPWIKI-352
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-352
>             Project: JSPWiki
>          Issue Type: Bug
>          Components: Authentication&Authorization
>    Affects Versions: 2.7.x
>            Reporter: Florian Holeczek
>         Attachments: JSPWIKI-352.patch
>
>
> As reported on the mailing list before, I had some weird issues with pages 
> getting uneditable as if by a ghost's hand.
> I was able to reproduce this error finally like following:
> Insert the page ACL "allow view all" to the page named "EditPageHelp" (and 
> verify there's no other ACL).
> Seems as if editing an arbitrary page after this, the page ACLs of the page 
> to be edited and the EditPageHelp are getting mixed up somehow. The result 
> is, that pages aren't editable at all (although they should be), or that 
> there's an error while saving the changes ("you're not allowed to do that, 
> better luck next time") and the page becomes uneditable from this moment on.
> I didn't track it down to the source code, but I think this will be quite 
> easy now.
> Also, I didn't test older releases, only the 2.7.x (current trunk).
> Interesting to see that some pages only become uneditable only after trying 
> to edit them, while others are uneditable from the beginning on. Maybe the 
> pattern can be checked while debugging in order to get some hints for 
> JSPWIKI-27.
> Happy debugging!

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to