Users getting Security Violation when trying to access the gallery
Oldiesmann
Joined: 2005-05-18
Posts: 151 |
Posted: Wed, 2011-11-30 05:57 | |||
I recently released a new version of SMF+G2 which includes a few new features, and now I'm having a huge problem here. New gallery users are getting "security violation" messages when trying to access other users' albums and even the main gallery, even though there's nothing blocking them from doing so. I have gone through my code and cannot figure out what's going on, but it's happening on at least two different sites, so I'm wondering what I may have done wrong. The error message from the event log is this: Quote:
Error (ERROR_MISSING_OBJECT, ERROR_PERMISSION_DENIED)in modules/core/classes/GalleryView.class at line 368 (GalleryCoreApi::error) That's from a user trying to access their own user album. The album does actually exist, and I can access it just fine as an administrator. System information: Quote:
Gallery URL = http://galleryproject.oldiesmann.us/gallery2/main.php Any suggestions? I've attached my Gallery.php if it's any help. As I said, this only seems to happen to users who register in the gallery for the first time after I've updated this - anyone who was already a gallery user prior to the update doesn't have this problem. I've already verified that the IDs are correct in SMF's members table too. A user on another forum where this problem occurs said they get the same error if they try to access the gallery directly (instead of embedded).
|
||||
Posts: 8339
Missing object is probably referring to the externalId
Process:
New user created in your CMS
New User created in Gallery
Retrieve new User from Gallery by userName
add externalIdMap for CMS User <-> Gallery User
GalleryEmbed::addExternalIdMapEntry($CMSUser, $GalleryUser->getId(), 'GalleryUser')
Always remember to commit changes when using GalleryEmbed by executing GalleryEmbed::done()
-s
FlashYourWeb and Your Gallery with The E2 XML Media Player for Gallery2
Posts: 151
That's already been done by the time they're getting this error. In the example I provided above, the user's user album has already been created (which can't happen if they don't have an account obviously), and they're getting that error while trying to access their own user album. Some users are able to get to their user albums but get that error while trying to access other parts of the gallery.
If it were a missing user account, it would just throw ERROR_MISSING_OBJECT with the ID of the missing object and would also say that it was a user that was missing.
---------------------
The Oldiesmann
SMF Marketing Team member
SMF+G2 Integration Project - 1.0 now available! (Supports SMF 2.0 and higher, released 11/17/
Posts: 8339
permission denied makes me think gallery does know who the user is. Are you initializing gallery w/ the externalId? ie.
GalleryEmbed::init(array('embedUri'=>'/media/index.php', 'g2Uri'=>'/gallery2/', 'loginRedirect'=>'/users.php', 'activeLanguage'=>'en_GB', 'activeUserId'=>$CMS_uid, 'fullInit'=>true))
-s
FlashYourWeb and Your Gallery with The E2 XML Media Player for Gallery2
Posts: 151
It's actually happening after the initialization has been finished. It's basically saying that the user doesn't have access to view the gallery, even though they should.
Because I had more time to look at this today, I think I may have finally gotten to the bottom of the issue.
We've actually had problems on two different forums...
On my forum, where the user couldn't view their own user album, they had limited permissions on that album despite being the owner. I've changed it so that they have the standard "all access" on that one and will check my settings to ensure I've got it set up properly.
On the forum where users couldn't view anything but their own albums, I'm thinking it may be a membergroup issue. I have the forum set up to copy all groups and group membership over to the gallery, so the admin can set gallery permissions based on a user's status in the forum. On that gallery, the "Everybody" group had the "[core] View all versions" permission, but none of the other groups (the ones copied over from the forum) had any permissions at all.
I have since added permissions for all of those groups and am awaiting confirmation from the users to see if that fixes anything. I'm also going to be digging through my code a bit more to see if I might have changed something somewhere along the lines that would have affected that (the forum in question has had the integration set up for some time now, and users reported that it started happening after a forum upgrade I did a couple months ago).
---------------------
The Oldiesmann
SMF Marketing Team member
SMF+G2 Integration Project - 1.0 now available! (Supports SMF 2.0 and higher, released 11/17/