Hi folks, I think I have encountered an error in the way Solr is returning results, but I don't know that subsystem all that well so I figured I would bring it up on list and see if anyone ran into this.
Basically, I have professors leading two classes (Series) with three sections (ROLEs) of the class who should be able to view the videos (sections 01, 03, 05). I have the the following permissions setup: Series 1: ROLE_CN_201209_CMPT_111_01_LEADERS: View ROLE_CN_201209_CMPT_111_01: View ROLE_CN_201209_CMPT_111_03_LEADERS: View ROLE_CN_201209_CMPT_111_03: View ROLE_CN_201209_CMPT_111_05_LEADERS: View ROLE_CN_201209_CMPT_111_05: View ROLE_UID_GDL420: View ROLE_ADMIN: View, Administer Public: No access Series 2: ROLE_CN_201209_CMPT_111_01_LEADERS: View ROLE_CN_201209_CMPT_111_01: View ROLE_CN_201209_CMPT_111_03_LEADERS: View ROLE_CN_201209_CMPT_111_03: View ROLE_CN_201209_CMPT_111_05_LEADERS: View ROLE_CN_201209_CMPT_111_05: View Public: No access I'm using an LDAP server to provide group lookup, and the groups for the affected users are correct. The issue is that some users with appropriate permissions cannot see any of the processed videos. The key here appears to be that Solr is returning bad data. When I log in as a user with ROLE_CN_201209_CMPT_111_03 and without ROLE_ADMIN or ROLE_UID_GDL420 roles I do not see *any* videos at all. Adding ROLE_UID_GDL420 gets me access to the videos from Series 1, but not Series 2. Adding ROLE_ADMIN, of course, gives me access to everything, but that's not feasible for deployed use. Looking at SolrRequester.java:126, the data returned from Solr is incomplete. In the first case it returns no data, the second it returns the correct data for series 1, but nothing series 2. Looking at the ACLs in the returned results, these appear to be ok (they include ROLE_CN_201209_CMPT_111_03), so I'm guessing the query itself is bad or there's a permissions model error somewhere. The query looks like: q=*%3A*+AND+oc_organization%3Amh_default_org+AND+%28oc_acl_read%3AROLE_ANONYMOUS+OR+...+OR+oc_acl_read%3AROLE_CN_201209_CMPT_111_03+OR+...+AND+oc_mediatype%3AAudioVisual+AND+-oc_deleted%3A%5B*+TO+*%5D&rows=10&sort=oc_modified+desc&fl=*+score which looks right to me. Does anyone have a clue? This is a real bummer to find mid-term... G
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Matterhorn mailing list [email protected] http://lists.opencastproject.org/mailman/listinfo/matterhorn To unsubscribe please email [email protected] _______________________________________________
