Item11885: Ambiguous Foswiki ACLs confuse MongoDB ACL cache

We just had some trouble opening up a web to WikiGuest.

• FungiMap/Taxa/WebPreferences had ALLOWWEBVIEW = FungiMapGroup, DENYWEBVIEW = WikiGuest
  • FungiMap/Taxa/BDRS/WebPreferences had ALLOWWEBVIEW = WikiGuest, no DENYWEBVIEW set
    • FungiMap/Taxa/BDRS/<all topics> had

      %META:PREFERENCE{name="DENYTOPICVIEW" title="DENYTOPICVIEW" type="Set" value=" "}%

This search (on FungiMap/Taxa/BDRS/BDRSGrid) would show topics for admin users, but not wikiguest:

%SEARCH{
   "1"
   type="query"
   web="FungiMap/Taxa/BDRS"
}%

WikiGuest was able to directly view Eg. FungiMap/Taxa/BDRS/Amanita_austroviridisBDRS but this topic would not appear in SEARCH results.

We were able to get WikiGuest to see SEARCH results after setting FungiMap/Taxa/BDRS/WebPreferences with an empty DENYWEBVIEW setting, and removing the empty DENYTOPICVIEW META:PREF from individual topics.

-- PaulAlexander - 22 May 2012

To clarify, in addition to clearing DENYWEBVIEW in the web's WebPreferences, it seems that the space in the value as here:

%META:PREFERENCE{name="DENYTOPICVIEW" title="DENYTOPICVIEW" type="Set" value=" "}%

prevents MongoDBPlugin from showing such a topic in the results, whereas

%META:PREFERENCE{name="DENYTOPICVIEW" title="DENYTOPICVIEW" type="Set" value=""}%

Correctly includes a topic set this way in the search results

-- PaulAlexander - 22 May 2012

Commenting is disabled while not logged in