On 12-10-19 04:07 AM, Tobias Wunden wrote:
> Greg, 
> 
> I take it that this is 1.3? I remember seing a ticket about a related issue 
> at some point, and I am wondering if this issue has been fixed for 1.4 but 
> not been backported to 1.3?

Nope, this is with 1.4/trunk.  Originally I was testing with rev 12978
(what I deployed with), but testing with HEAD gives me the same issue...

G

> Tobias
> 
> On 19.10.2012, at 00:31, Greg Logan <[email protected]> wrote:
> 
>> Hi folks,
>>
>> I think I have encountered an error in the way Solr is returning
>> results, but I don't know that subsystem all that well so I figured I
>> would bring it up on list and see if anyone ran into this.
>>
>> Basically, I have professors leading two classes (Series) with three
>> sections (ROLEs) of the class who should be able to view the videos
>> (sections 01, 03, 05).  I have the the following permissions setup:
>>
>> Series 1:
>>
>> ROLE_CN_201209_CMPT_111_01_LEADERS: View
>> ROLE_CN_201209_CMPT_111_01: View
>> ROLE_CN_201209_CMPT_111_03_LEADERS: View
>> ROLE_CN_201209_CMPT_111_03: View
>> ROLE_CN_201209_CMPT_111_05_LEADERS: View
>> ROLE_CN_201209_CMPT_111_05: View
>> ROLE_UID_GDL420: View
>> ROLE_ADMIN: View, Administer
>> Public: No access
>>
>> Series 2:
>>
>> ROLE_CN_201209_CMPT_111_01_LEADERS: View
>> ROLE_CN_201209_CMPT_111_01: View
>> ROLE_CN_201209_CMPT_111_03_LEADERS: View
>> ROLE_CN_201209_CMPT_111_03: View
>> ROLE_CN_201209_CMPT_111_05_LEADERS: View
>> ROLE_CN_201209_CMPT_111_05: View
>> Public: No access
>>
>> I'm using an LDAP server to provide group lookup, and the groups for the
>> affected users are correct.  The issue is that some users with
>> appropriate permissions cannot see any of the processed videos.
>>
>> The key here appears to be that Solr is returning bad data.  When I log
>> in as a user with ROLE_CN_201209_CMPT_111_03 and without ROLE_ADMIN or
>> ROLE_UID_GDL420 roles I do not see *any* videos at all.  Adding
>> ROLE_UID_GDL420 gets me access to the videos from Series 1, but not
>> Series 2.  Adding ROLE_ADMIN, of course, gives me access to everything,
>> but that's not feasible for deployed use.
>>
>> Looking at SolrRequester.java:126, the data returned from Solr is
>> incomplete.  In the first case it returns no data, the second it returns
>> the correct data for series 1, but nothing series 2.  Looking at the
>> ACLs in the returned results, these appear to be ok (they include
>> ROLE_CN_201209_CMPT_111_03), so I'm guessing the query itself is bad or
>> there's a permissions model error somewhere.  The query looks like:
>>
>> q=*%3A*+AND+oc_organization%3Amh_default_org+AND+%28oc_acl_read%3AROLE_ANONYMOUS+OR+...+OR+oc_acl_read%3AROLE_CN_201209_CMPT_111_03+OR+...+AND+oc_mediatype%3AAudioVisual+AND+-oc_deleted%3A%5B*+TO+*%5D&rows=10&sort=oc_modified+desc&fl=*+score
>>
>> which looks right to me.  Does anyone have a clue?  This is a real
>> bummer to find mid-term...
>>
>> G
>>
>> _______________________________________________
>> Matterhorn mailing list
>> [email protected]
>> http://lists.opencastproject.org/mailman/listinfo/matterhorn
>>
>>
>> To unsubscribe please email
>> [email protected]
>> _______________________________________________
> 
> _______________________________________________
> Matterhorn mailing list
> [email protected]
> http://lists.opencastproject.org/mailman/listinfo/matterhorn
> 
> 
> To unsubscribe please email
> [email protected]
> _______________________________________________
> 


Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Matterhorn mailing list
[email protected]
http://lists.opencastproject.org/mailman/listinfo/matterhorn


To unsubscribe please email
[email protected]
_______________________________________________

Reply via email to