Permissions somehow not working
Twilek
Joined: 2003-05-30
Posts: 73 |
Posted: Thu, 2009-06-25 21:30 | |||
Hi all, somehow permissions do not seem to work in my gallery installation. I wanted to migrate the userbase of my gallery 2 installation and then add the pictures manually. So I started to an gallery 2 import, waited for the user and group import to finish and then cancelled the process. The users and groups show up nicely in the gallery3 Settings and can be configured. I then added pictures as an admin. That also worked fine. When I wanted to fine tune the permissions and tried to login as a user I got the attached screen, no matter whether albums where allowed for that user (even not those allowed for "Everyone", those show up alright when no one is logged in) and no matter what user I tried. I can set the permissions any way I like, pictures only show up when being logged in as an admin or not being logged in at all (then only albums visible for everyone). Checking the logs I found some suspicious looking entries in the gallery 3 log " error: Uncaught Exception: @todo FORBIDDEN in file modules/gallery/helpers/access.php on line 176". The search function doesn´t work either BUT in the resulting empty search the random image block with an image shows up. Clicking on that will produce the image. The "next" and "previous" button then work. The breadcrumb navigation is shown correctly, but clicking on any album name will produce the empty screen again. It seems the album view doesnt work, while the single image view works just fine. I tried to create a test user and a test group in gallery itself it case somehow the gallery2 users where flawed, but that didn´t work, same grey screen. Anyone else with similar problems (or yet better with a solution )? Regards Henning
|
||||
Posts: 7994
Can you see if you can reproduce this with the latest code? (see my link below)
---
Problems? Check gallery3/var/logs
bugs/feature req's | upgrade to the latest code | use git | help! vote!
Posts: 73
I did a git update and ran the updater. I then opened the page in Firefoxes new private mode (so no old cookies or cache) and the problem persisted. Gallery and apache logs showed nothing. I attached my phpinfo.
Posts: 7994
Can you provide us with a link to your Gallery 3 please?
So if you allow everybody to view all albums it works fine, but as soon as you restrict it so that guests can't see your photos, it stops working for everybody? It sounds like your system is not accepting the .htaccess restrictions. Please provide a screenshot of your "Edit Permissions" dialog, and also check your Apache2 error logs for errors.
---
Problems? Check gallery3/var/logs
bugs/feature req's | upgrade to the latest code | use git | help! vote!
Posts: 73
Hi Bharat,
I have sent you the link to my gallery via pm. Attached is the permissions for my main gallery.
Posts: 73
Disabling notifucation module has solved the problem.
Posts: 52
Yes, I had exactly that same problem -
- when no one logged then the album with view permissions for Everyone showed up
- when a member logged in, then nothing but the top grey title bar showed up
Your solution (disabling the notification module) fixed it for me too.
Thank you (and let's hope the bug in 'notification' is easy to fix).
~Andrew~
---
http://Reeves-Hall.net
http://WhitchurchForums.org.uk
Posts: 52
...unfortunately another permission problem has just occurred (using latest code from last night).
- logged in as a particular (non-admin) user
- a random image was shown which I know is in an album that the user didn't have permission to see
- clicked on that random image and saw it!
- clicked on the album name (top of screen) in which it was stored
- got a "Dang... Something went wrong!" message
- clicked back button to see image again
- clicked logout
- image remained on screen
~Andrew~
---
http://Reeves-Hall.net
http://WhitchurchForums.org.uk
Posts: 7994
@AndrewRH: Don't change anything. Send me an email at
with your G3 url and admin password and tell me how to reproduce the problem. To fully diagnose this, I will likely require either phpMyAdmin or shell access on your box so that I can poke at the database and data files. thanks!
---
Problems? Check gallery3/var/logs
bugs/feature req's | upgrade to the latest code | use git | help! vote!
Posts: 73
Same problem here with latest GIT Code.
Posts: 7994
@Twilek: above you said that diabling notification fixed your problem.. can you describe what you're seeing now?
---
Problems? Check gallery3/var/logs
bugs/feature req's | upgrade to the latest code | use git | help! vote!
Posts: 73
I haven´t reenabled notification yet, but have witnessed the same problem as AndrewHW, namely that the image block showed pictures for which the user had no permission to view and could view them full scale by clicking on them. As I have to use the gallery intensively at the moment and didn´t want to risk breaking things, I disabled the image block as well which more or less has solved the problem for now.
Posts: 7994
I need more data before I can figure out what's going on here. Can you send me the details for one of the photos which showed up in the random image block which is not supposed to be visible? It would also help to know the item id and a dump of the item, access_caches and access_intents tables. A dump of your entire database, (truncate the g3_caches table first) would probably let me sort it out.
An inspection of the code shows that the image_block module is using the right security APIs, so it's unclear to me what's going wrong.
---
Problems? Check gallery3/var/logs
bugs/feature req's | upgrade to the latest code | use git | help! vote!
Posts: 7994
Also can you guys verify that you weren't logged in as an admin at the time? Remember that the image block is sensitive to who's logged in.
---
Problems? Check gallery3/var/logs
bugs/feature req's | upgrade to the latest code | use git | help! vote!
Posts: 73
Alright of course I wasn´t able to reproduce the effect. But by trying some other things popped up (When I encounter the permission problem again I will report).
Notifications will still break my gallery.
I was logged in as admin in a Firefox browser. I opened a IE and got this (look at the breadcrump navigation, clicking on the IMG Links produced a "Dang...").
Server add seems to work much better now.
Posts: 52
I have emailed you a very large email (lots of attachments).
No one is logged in when the problem occurs.
It may be that restricted access albums within albums is the culprit. I have not yet seen a random image shown from a restricted-access album that is directly under 'gallery'.
~Andrew~
---
http://Reeves-Hall.net
http://WhitchurchForums.org.uk
Posts: 27300
Twilek, I have seen this before but have been able to follow steps to reproduce.
See if you can.
Dave
_____________________________________________
Blog & G2 || floridave - Gallery Team
Posts: 73
Reproducing the breadcrumb error is not difficult as I cannot get it to go away in the first place. I PMed you the link to my gallery so you can see for yourself.
Posts: 7994
@Twilek: wow that's pretty weird. Can you tell me what steps you did leading up to this? Anything unusual? Anything in your error logs? My guess is that your database is corrupted. It's fixable, but I'll probably have to write a new maintenance task to take care of it. Can I please have a dump of your database?
---
Problems? Check gallery3/var/logs
bugs/feature req's | upgrade to the latest code | use git | help! vote!
Posts: 73
@bharat Not that I am aware of. It just started. The images that show up were uploaded by a user and then reordered and moved by me. I have sent you a database dump via email.
Posts: 7994
Ok, I have a clue as to what's going on with the permissions issue (thanks to hiwilson!). It would appear that when we move items, we don't properly update their permissions. AndrewRH was awesome enough to mail me his entire install and that let me verify that there's a quick workaround for this issue. All you have to do is edit permissions at the top level and toggle the "view" permission for the "Everybody" group and that'll fix it for the entire Gallery (until you move something else). I'm working on a fix now.
Twilek, your problem is next
---
Problems? Check gallery3/var/logs
bugs/feature req's | upgrade to the latest code | use git | help! vote!
Posts: 52
@bharat: Wonderful news! Glad I could help in a small way.
I have noticed that the thumbnail used for the album containing the restricted-permissions album is one from the restricted-album. This means that when no one is logged in, guests will see a photo thumbnail from a restricted-album.
~Andrew~
---
http://Reeves-Hall.net
http://WhitchurchForums.org.uk
Posts: 7994
Ok, it took me a while but I fixed Twilek's issue also. I've created a new "rescue" module in gallery3-contrib that provides a new task that fixes up busted album/photo hierarchies. Twilek, I tested this out on the dump you mailed me and it worked fine. Took about 10 minutes total to fix everything, but I was aiming for correct, not fast.
Grab the module from here:
http://github.com/gallery/gallery3-contrib/tree/1ad1beac733cf14b871ff44263ea999a3ba1363e/modules/rescue
It should be totally safe-- it only modifies the left and right pointers (so if your tree is already messed up, it shouldn't make things any worse).
---
Problems? Check gallery3/var/logs
bugs/feature req's | upgrade to the latest code | use git | help! vote!
Posts: 73
Thanks Bharat,
worked like a charm. The breadcrumb navigation looks clean again. The permission problem with the picture block hasn´t resurfaced so far. The problem with the notification module still remains (not that I really need the module but still).
Posts: 4
Hello bharat i have the same problem. I have moved a lot of albums around. I have tried your workaround but it didn't work for me (will try a bit more later on). But when i open page2 all albums are showing up (http://........../gallery3/index.php/?page=2). If i open page2 i get the first page of my gallery, if i open page3 i get the second page (with an admin account all works fine, above is only for a non admin).
Any suggestions on how to get the albums to show up for non-admin users beside the workaround which doesn't seem to work for me?
Posts: 4
I have attached a picture of my database where almost all the values for viewing etc. by the different groups contain NULL in the field access_intents.
Can anyone tell me if this is normal, and if this could be related to the above problem?
Thanks in advance.
Posts: 7994
@richard_1: what version of Gallery3 are you using? Please try with the latest code (see my link below).
---
Problems? Check gallery3/var/logs
bugs/feature req's | upgrade to the latest code | use git | help! vote!
Posts: 4
@bharat: I am using the latest official release. I have tried the experimental one (copied the files to my install dir including the var-dir), but i couldn't get it to work so i stayed with the official release. I used the /upgrader funtion to upgrade but the user permission problem remains. The strange thing is that i can only login with IE and not with firefox. Firefox does the check on username and password but doesn't let me login (if i give a wrong password it does tell me that the password isn't correct, so it does connect). I will PM you a link to my server so you can see what i mean.
@bharat: Forget about the link. I am formatting my server and will go back to gallery2 for the moment. Thanks.