You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There seems to be a bug in invenio 1.2
When a record is in a public collection in the global collection tree and restricted collection, while the latter is not in the collection tree, but guest is allowed to see records in this collection, this record will not be displayed in search.
How to reproduce:
Enable ´CFG_WEBSEARCH_VIEWRESTRCOLL_POLICY = ANY`
Define a public collection in the collection tree (e.g. Public)
Define a restricted collection outside the collection tree (e.g. Unrestricted) with fireroll viewrestrcol allow any
Put a record in both collection
Now guest user should be able to view the record
Search for the record as guest user
The record is not displayed
This seemed due to a "short cut" in webuser.py and search_engine.py
A quick fix is:
in webuser.py
Which ensures that the user Object of the guest user gets a possible non empty precached_permitted_restricted_collections
In search_engine.py the code wrongly assumes that for a guest user precached_permitted_restricted_collections is always empty.
A fix here:
< permitted_restricted_collections = []
< ## For guest users that are actually authorized to some restricted
< ## collection (by virtue of the IP address in a FireRole rule)
< ## we explicitly build the list of permitted_restricted_collections
---
> permitted_restricted_collections = user_info.get('precached_permitted_restricted_collections', [])
> # For guest users that are actually authorized to some restricted
> # collection (by virtue of the IP address in a FireRole rule)
> # we explicitly build the list of permitted_restricted_collections and we make sure that these are used in the search engine`
Note:
The code
for coll in colls:
if collection_restricted_p(coll) and (acc_authorize_action(user_info, 'viewrestrcoll', collection=coll)[0] == 0):
permitted_restricted_collections.append(coll)
is not enough, since e.g. the restricted collection "Unrestricted" is not in colls
@tiborsimko and @kaplun: Does it help if I prepare a pull-reqest for this fix?
The text was updated successfully, but these errors were encountered:
The flag is there:
It is a consequence of #867
IHMO it should honor record_public_p as well (e.g. 786+ if (get_restricted_collections_for_recid(recid, recreate_cache_if_needed=False) and not record_public_p(recid)):
NB: record_public_p must be of of course imported again above
- webuser.py
Calculate allowed records by
`get_permitted_restricted_collections(user_info)` for guest users
also.
- search_engine.py:
honor `precached_permitted_restricted_collections` for guest users
Addresses inveniosoftware#3638
There seems to be a bug in invenio 1.2
When a record is in a public collection in the global collection tree and restricted collection, while the latter is not in the collection tree, but guest is allowed to see records in this collection, this record will not be displayed in search.
How to reproduce:
Now guest user should be able to view the record
The record is not displayed
This seemed due to a "short cut" in webuser.py and search_engine.py
A quick fix is:
in webuser.py
Which ensures that the user Object of the guest user gets a possible non empty precached_permitted_restricted_collections
In search_engine.py the code wrongly assumes that for a guest user precached_permitted_restricted_collections is always empty.
A fix here:
Note:
The code
is not enough, since e.g. the restricted collection "Unrestricted" is not in
colls
@tiborsimko and @kaplun: Does it help if I prepare a pull-reqest for this fix?
The text was updated successfully, but these errors were encountered: