On 12-10-19 04:07 AM, Tobias Wunden wrote: > Greg, > > I take it that this is 1.3? I remember seing a ticket about a related issue > at some point, and I am wondering if this issue has been fixed for 1.4 but > not been backported to 1.3?
Nope, this is with 1.4/trunk. Originally I was testing with rev 12978 (what I deployed with), but testing with HEAD gives me the same issue... G > Tobias > > On 19.10.2012, at 00:31, Greg Logan <[email protected]> wrote: > >> Hi folks, >> >> I think I have encountered an error in the way Solr is returning >> results, but I don't know that subsystem all that well so I figured I >> would bring it up on list and see if anyone ran into this. >> >> Basically, I have professors leading two classes (Series) with three >> sections (ROLEs) of the class who should be able to view the videos >> (sections 01, 03, 05). I have the the following permissions setup: >> >> Series 1: >> >> ROLE_CN_201209_CMPT_111_01_LEADERS: View >> ROLE_CN_201209_CMPT_111_01: View >> ROLE_CN_201209_CMPT_111_03_LEADERS: View >> ROLE_CN_201209_CMPT_111_03: View >> ROLE_CN_201209_CMPT_111_05_LEADERS: View >> ROLE_CN_201209_CMPT_111_05: View >> ROLE_UID_GDL420: View >> ROLE_ADMIN: View, Administer >> Public: No access >> >> Series 2: >> >> ROLE_CN_201209_CMPT_111_01_LEADERS: View >> ROLE_CN_201209_CMPT_111_01: View >> ROLE_CN_201209_CMPT_111_03_LEADERS: View >> ROLE_CN_201209_CMPT_111_03: View >> ROLE_CN_201209_CMPT_111_05_LEADERS: View >> ROLE_CN_201209_CMPT_111_05: View >> Public: No access >> >> I'm using an LDAP server to provide group lookup, and the groups for the >> affected users are correct. The issue is that some users with >> appropriate permissions cannot see any of the processed videos. >> >> The key here appears to be that Solr is returning bad data. When I log >> in as a user with ROLE_CN_201209_CMPT_111_03 and without ROLE_ADMIN or >> ROLE_UID_GDL420 roles I do not see *any* videos at all. Adding >> ROLE_UID_GDL420 gets me access to the videos from Series 1, but not >> Series 2. Adding ROLE_ADMIN, of course, gives me access to everything, >> but that's not feasible for deployed use. >> >> Looking at SolrRequester.java:126, the data returned from Solr is >> incomplete. In the first case it returns no data, the second it returns >> the correct data for series 1, but nothing series 2. Looking at the >> ACLs in the returned results, these appear to be ok (they include >> ROLE_CN_201209_CMPT_111_03), so I'm guessing the query itself is bad or >> there's a permissions model error somewhere. The query looks like: >> >> q=*%3A*+AND+oc_organization%3Amh_default_org+AND+%28oc_acl_read%3AROLE_ANONYMOUS+OR+...+OR+oc_acl_read%3AROLE_CN_201209_CMPT_111_03+OR+...+AND+oc_mediatype%3AAudioVisual+AND+-oc_deleted%3A%5B*+TO+*%5D&rows=10&sort=oc_modified+desc&fl=*+score >> >> which looks right to me. Does anyone have a clue? This is a real >> bummer to find mid-term... >> >> G >> >> _______________________________________________ >> Matterhorn mailing list >> [email protected] >> http://lists.opencastproject.org/mailman/listinfo/matterhorn >> >> >> To unsubscribe please email >> [email protected] >> _______________________________________________ > > _______________________________________________ > Matterhorn mailing list > [email protected] > http://lists.opencastproject.org/mailman/listinfo/matterhorn > > > To unsubscribe please email > [email protected] > _______________________________________________ >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Matterhorn mailing list [email protected] http://lists.opencastproject.org/mailman/listinfo/matterhorn To unsubscribe please email [email protected] _______________________________________________
