Greg, I take it that this is 1.3? I remember seing a ticket about a related issue at some point, and I am wondering if this issue has been fixed for 1.4 but not been backported to 1.3?
Tobias On 19.10.2012, at 00:31, Greg Logan <[email protected]> wrote: > Hi folks, > > I think I have encountered an error in the way Solr is returning > results, but I don't know that subsystem all that well so I figured I > would bring it up on list and see if anyone ran into this. > > Basically, I have professors leading two classes (Series) with three > sections (ROLEs) of the class who should be able to view the videos > (sections 01, 03, 05). I have the the following permissions setup: > > Series 1: > > ROLE_CN_201209_CMPT_111_01_LEADERS: View > ROLE_CN_201209_CMPT_111_01: View > ROLE_CN_201209_CMPT_111_03_LEADERS: View > ROLE_CN_201209_CMPT_111_03: View > ROLE_CN_201209_CMPT_111_05_LEADERS: View > ROLE_CN_201209_CMPT_111_05: View > ROLE_UID_GDL420: View > ROLE_ADMIN: View, Administer > Public: No access > > Series 2: > > ROLE_CN_201209_CMPT_111_01_LEADERS: View > ROLE_CN_201209_CMPT_111_01: View > ROLE_CN_201209_CMPT_111_03_LEADERS: View > ROLE_CN_201209_CMPT_111_03: View > ROLE_CN_201209_CMPT_111_05_LEADERS: View > ROLE_CN_201209_CMPT_111_05: View > Public: No access > > I'm using an LDAP server to provide group lookup, and the groups for the > affected users are correct. The issue is that some users with > appropriate permissions cannot see any of the processed videos. > > The key here appears to be that Solr is returning bad data. When I log > in as a user with ROLE_CN_201209_CMPT_111_03 and without ROLE_ADMIN or > ROLE_UID_GDL420 roles I do not see *any* videos at all. Adding > ROLE_UID_GDL420 gets me access to the videos from Series 1, but not > Series 2. Adding ROLE_ADMIN, of course, gives me access to everything, > but that's not feasible for deployed use. > > Looking at SolrRequester.java:126, the data returned from Solr is > incomplete. In the first case it returns no data, the second it returns > the correct data for series 1, but nothing series 2. Looking at the > ACLs in the returned results, these appear to be ok (they include > ROLE_CN_201209_CMPT_111_03), so I'm guessing the query itself is bad or > there's a permissions model error somewhere. The query looks like: > > q=*%3A*+AND+oc_organization%3Amh_default_org+AND+%28oc_acl_read%3AROLE_ANONYMOUS+OR+...+OR+oc_acl_read%3AROLE_CN_201209_CMPT_111_03+OR+...+AND+oc_mediatype%3AAudioVisual+AND+-oc_deleted%3A%5B*+TO+*%5D&rows=10&sort=oc_modified+desc&fl=*+score > > which looks right to me. Does anyone have a clue? This is a real > bummer to find mid-term... > > G > > _______________________________________________ > Matterhorn mailing list > [email protected] > http://lists.opencastproject.org/mailman/listinfo/matterhorn > > > To unsubscribe please email > [email protected] > _______________________________________________ _______________________________________________ Matterhorn mailing list [email protected] http://lists.opencastproject.org/mailman/listinfo/matterhorn To unsubscribe please email [email protected] _______________________________________________
