Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Invalidation of page permission caches doesn't work on multi-process webservers #1423

Closed
kux opened this Issue Sep 12, 2012 · 0 comments

Comments

Projects
None yet
2 participants
Contributor

kux commented Sep 12, 2012

Environment:
django 1.3 or 1.4
django-cms 2.2 or 2.3
deployed on an apache2 configured to use mpm-prefork
CMS_PERMISSION = True
memcached used as a caching backend

Steps to reproduce:

  1. log in as a superuser
  2. create a staff user
  3. give the previously created user the rights to edit/add/delete on some part of the page hierarchy
  4. logout and login as the previously created user
  5. add a child to one of the pages you have access to and click 'save and continue editing'
    EXPECTED:
    you continue editing your page
    ACTUAL:
    Permission denied

Basically the problem is that when a user adds a new page, all permission related caches should be cleared. However, because the cache doesn't get cleared, the newly added page doesn't appear in the user's permitted ids list.

Looking at cms.cache.permissions.py:

from django.core.cache import cache

permission_cache_keys = [] 
all_keys = []

def set_permission_cache(user, key, value):
    # store this key, so we can clean it when required
    cache_key = get_cache_key(user, key)

    if not cache_key in all_keys:
        all_keys.append(cache_key)
    if not key in permission_cache_keys:
        permission_cache_keys.append(key)
    cache.set(cache_key, value, settings.CMS_CACHE_DURATIONS['permissions'])

def clear_permission_cache():
    for key in all_keys:
        cache.delete(key)

'all_keys' is a global variable which is being appended to by the process who first sets the permission cache.

When adding a new page 'clear_permission_cache' gets called. However, because we're in a multi-process environment, we're most likely going to have a different process calling 'clear_permission_cache'. This other process has an empty 'all_keys' list, and thus it doesn't empty the cache...

This is very annoying as the user has to wait until the cache expires, which can be a verrrry long time :)

digi604 added a commit that referenced this issue Sep 20, 2012

@digi604 digi604 closed this Sep 20, 2012

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment