Strange access control behaviour


Eirik Alfstad Johansen

Thursday 04 March 2004 12:57:52 pm

Hi,

Some of the users of my site have reported some strange behaviour related to access control.

I've created a class called "Web site to be monitored" where users can store web sites which will be monitored by a script in an extension.

After creating the class, I appended the following rules to the guest account role:

content create Class(Web site to be monitored)
content edit Class(Web site to be monitored) , Owner( Self )
content read Class(Web site to be monitored) , Owner( Self )
content remove Class(Web site to be monitored) , Owner( Self )

This should make sure that users can only view, edit and delete their own monitored web sites.

I then use a fetch() function in a template to fetch a list of all the web sites currently monitored.

The strange behaviour is that some users have reported that the web sites of other users are appearing in this list when they're logged in. However, when they visit the printer-friendly version of the list, their own web sites appear. Also, when I create a guest account at my end through the same interface, only the web sites created by myself appear in my list.

Does this make any sense to anyone? What could I be missing?

Thanks in advance!

Sincerely,

Eirik Johansen

Sincerely,

Eirik Alfstad Johansen
http://www.netmaking.no/

Paul Borgermans

Thursday 04 March 2004 1:05:32 pm

Hi Eirik

This happened only in an older release (3.1) with me (bugs fixed now), and when it is wrapped in cache blocks with a not-so-good key or with syntax errors in the cache blocks. What version are you referring to?

regards

-paul

eZ Publish, eZ Find, Solr expert consulting and training
http://twitter.com/paulborgermans

Eirik Alfstad Johansen

Thursday 04 March 2004 1:50:02 pm

v. 3.3

Sincerely,

Eirik Alfstad Johansen
http://www.netmaking.no/

Georg Franz

Thursday 04 March 2004 4:18:55 pm

Hi Eirik,

Unfortunately it's a "known, open bug": the content view caching doesn't support the "self-edit" policy yet.

Have a look at:
http://ez.no/community/bug_reports/security_risk_caching_problems_session_problems

Kind regards,
Emil.

Best wishes,
Georg.

--
http://www.schicksal.com Horoskop website which uses eZ Publish since 2004
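To make the two replies above concrete, here is a small Python model (added here, not code from the thread or from eZ Publish) of the Owner( Self ) policy check and of a cache block placed around the fetch. The class name and the four rules are the ones from the first post; the user ids, site URLs and cache-key names are constructed for the illustration.

```python
from dataclasses import dataclass

CLASS_NAME = "Web site to be monitored"

@dataclass(frozen=True)
class Site:
    object_id: int
    owner_id: int   # user who created the object
    url: str

@dataclass(frozen=True)
class Policy:
    function: str   # create / edit / read / remove
    class_name: str
    owner_self: bool  # the Owner( Self ) limitation

# Constructed sample data: users 10 and 20 each own monitored sites.
SITES = (
    Site(1, 10, "https://alpha.example"),
    Site(2, 10, "https://beta.example"),
    Site(3, 20, "https://gamma.example"),
)

# The four rules appended to the guest role in the first post.
GUEST_POLICIES = (
    Policy("create", CLASS_NAME, False),
    Policy("edit", CLASS_NAME, True),
    Policy("read", CLASS_NAME, True),
    Policy("remove", CLASS_NAME, True),
)

def allowed(function: str, site: Site, user_id: int) -> bool:
    """A rule grants access when function and class match and, if it
    carries Owner( Self ), the site's owner is the requesting user."""
    return any(p.function == function and p.class_name == CLASS_NAME
               and (not p.owner_self or site.owner_id == user_id)
               for p in GUEST_POLICIES)

def fetch_sites(user_id: int) -> list:
    """Uncached fetch(): the list this user is entitled to see."""
    return [s.url for s in SITES if allowed("read", s, user_id)]

class CachedView:
    """Cache block around fetch(). per_user_key says whether the
    current user's id is part of the cache key."""
    def __init__(self, per_user_key: bool):
        self.per_user_key = per_user_key
        self.store = {}
    def render(self, user_id: int) -> list:
        key = ("monitored_list", user_id) if self.per_user_key else ("monitored_list",)
        if key not in self.store:          # first visitor fills the cache
            self.store[key] = fetch_sites(user_id)
        return self.store[key]

def leaks(per_user_key: bool) -> bool:
    """True when a later visitor receives sites owned by someone else."""
    view = CachedView(per_user_key)
    view.render(10)                        # user 10 warms the cache
    return any(u not in fetch_sites(20) for u in view.render(20))
```

With the user id left out of the key, the second visitor is served the first visitor's list, which is exactly the symptom reported; the uncached printer-friendly view behaves like `fetch_sites()` and shows the right data.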

Eirik Alfstad Johansen

Friday 05 March 2004 12:07:10 am

Thanks for the heads-up, Emil!

Sincerely,

Eirik Johansen

Sincerely,

Eirik Alfstad Johansen
http://www.netmaking.no/
