incubator-jspwiki-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Janne Jalkanen (JIRA)" <j...@apache.org>
Subject [jira] Commented: (JSPWIKI-352) page ACLs seem to get mixed up in special cases
Date Wed, 20 Aug 2008 20:56:44 GMT

    [ https://issues.apache.org/jira/browse/JSPWIKI-352?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12624133#action_12624133
] 

Janne Jalkanen commented on JSPWIKI-352:
----------------------------------------

Sure.

Whenever we use the InsertPageTag to insert another page (e.g. the LeftMenu) we render it
in the context of the actual page which is requested. That is, if you ask for "Main", the
WikiContext contains then "Main" - but since we'll also render LeftMenu and all these other
pages, they are rendered in Main's context.  This is the magic which allows e.g. ReferringPagesPlugin
to work in the LeftMenu without any special references - it just grabs the context.getPage()
and sees that it is in the Main context, so it asks for referrers to Main instead of LeftMenu.

However, in some cases it is not a good idea that the definitions in the included pages refer
to the master context.  If you have something which must not leak outside, that is, affect
the Main page in our example, then you must use the realPage, which always refers to the real
page on which a particular plugin/variable setting/etc resides on.

So, in our example, when we are rendering Main page content, page = Main; realPage = Main.
 When we render the LeftMenu, still within the same request, page = Main; realPage = LeftMenu.

I've tried to explain this in the getRealPage() javadocs, but I get confused too sometimes.

> page ACLs seem to get mixed up in special cases
> -----------------------------------------------
>
>                 Key: JSPWIKI-352
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-352
>             Project: JSPWiki
>          Issue Type: Bug
>          Components: Authentication&Authorization
>    Affects Versions: 2.7.x
>            Reporter: Florian Holeczek
>             Fix For: 2.8
>
>         Attachments: JSPWIKI-352.patch
>
>
> As reported on the mailing list before, I had some weird issues with pages getting uneditable
as if by a ghost's hand.
> I was able to reproduce this error finally like following:
> Insert the page ACL "allow view all" to the page named "EditPageHelp" (and verify there's
no other ACL).
> Seems as if editing an arbitrary page after this, the page ACLs of the page to be edited
and the EditPageHelp are getting mixed up somehow. The result is, that pages aren't editable
at all (although they should be), or that there's an error while saving the changes ("you're
not allowed to do that, better luck next time") and the page becomes uneditable from this
moment on.
> I didn't track it down to the source code, but I think this will be quite easy now.
> Also, I didn't test older releases, only the 2.7.x (current trunk).
> Interesting to see that some pages only become uneditable only after trying to edit them,
while others are uneditable from the beginning on. Maybe the pattern can be checked while
debugging in order to get some hints for JSPWIKI-27.
> Happy debugging!

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message