> > Bug

Project role rights violation?

Summary

open
May 9, 2007
May 9, 2007 / krisp
Jan 5, 2009 / phsouzacruz
pixtur
 

Attached files

Summary
Project role rights violation.doc
807424 bytes / ID 5083 / May 9, 2007
Show Details
 
It is hard to explain without testing project. I think we should make separate test project on http://www.streber-pm.org to show what's going on (see file Project role rights violation.doc). We could use it in many other cases instead of making screenshots. Thus, we could test bugs in generic environment (zero language and own code changes problems which are noisy for investigation).

Issue report

Crash
Always
FireFox 2.0.0.3
0.7991
Tasks not visible for certain roles in project (e.g. client, guest), according to , are shown in history and viewable from there.

For example. Task in client editable space not appears on task list but only in history and is achivable only from there. Furthermore, I could not set status to open, because error occurs:
A fatal error occured
maximum page recursions reached! (taskEditSubmit,taskView,taskView,taskView,taskView,taskView,taskView,taskView,taskView,taskView,taskView)
Sorry, but streber aborted.

If you are the administrator of this installation, 
please help use by sending the errors.log.php file to
www.streber-pm.org

from errorlog.log

Error 20070509144030 ERROR: std/class_pagehandler.inc.php : 718 maximum page recursions reached! (taskEditSubmit,taskView,taskView,taskView,taskView,taskView,taskView,taskView,taskView,taskView,taskView)
Error 20070509144030 std/class_pagehandler.inc.php : 620 -> PageHandler::show("taskView", [1])
Error 20070509144030 std/class_pagehandler.inc.php : 786 -> PageHandler::showFromPage()
Error 20070509144030       pages/task_view.inc.php :  40 -> PageHandler::abortWarning("invalid task-id", int3)
Error 20070509144030 std/class_pagehandler.inc.php : 729 -> TaskView()
Error 20070509144030 std/class_pagehandler.inc.php : 620 -> PageHandler::show("taskView", [1])
Error 20070509144030 std/class_pagehandler.inc.php : 786 -> PageHandler::showFromPage()
Error 20070509144030       pages/task_view.inc.php :  40 -> PageHandler::abortWarning("invalid task-id", int3)
Error 20070509144030 std/class_pagehandler.inc.php : 729 -> TaskView()
Error 20070509144030 std/class_pagehandler.inc.php : 620 -> PageHandler::show("taskView", [1])
Error 20070509144030 std/class_pagehandler.inc.php : 786 -> PageHandler::showFromPage()
Error 20070509144030       pages/task_view.inc.php :  40 -> PageHandler::abortWarning("invalid task-id", int3)
Error 20070509144030 std/class_pagehandler.inc.php : 729 -> TaskView()
Error 20070509144030 std/class_pagehandler.inc.php : 620 -> PageHandler::show("taskView", [1])
Error 20070509144030 std/class_pagehandler.inc.php : 786 -> PageHandler::showFromPage()
Error 20070509144030       pages/task_view.inc.php :  40 -> PageHandler::abortWarning("invalid task-id", int3)
Error 20070509144030 std/class_pagehandler.inc.php : 729 -> TaskView()
Error 20070509144030 std/class_pagehandler.inc.php : 620 -> PageHandler::show("taskView", [1])
Error 20070509144030 std/class_pagehandler.inc.php : 786 -> PageHandler::showFromPage()
Error 20070509144030       pages/task_view.inc.php :  40 -> PageHandler::abortWarning("invalid task-id", int3)
Error 20070509144030 std/class_pagehandler.inc.php : 729 -> TaskView()
Error 20070509144030 std/class_pagehandler.inc.php : 620 -> PageHandler::show("taskView", [1])
Error 20070509144030 std/class_pagehandler.inc.php : 786 -> PageHandler::showFromPage()
Error 20070509144030       pages/task_view.inc.php :  40 -> PageHandler::abortWarning("invalid task-id", int3)
Error 20070509144030 std/class_pagehandler.inc.php : 729 -> TaskView()
Error 20070509144030 std/class_pagehandler.inc.php : 620 -> PageHandler::show("taskView", [1])
Error 20070509144030 std/class_pagehandler.inc.php : 786 -> PageHandler::showFromPage()
Error 20070509144030       pages/task_view.inc.php :  40 -> PageHandler::abortWarning("invalid task-id", int3)
Error 20070509144030 std/class_pagehandler.inc.php : 729 -> TaskView()
Error 20070509144030 std/class_pagehandler.inc.php : 620 -> PageHandler::show("taskView", [1])
Error 20070509144030 std/class_pagehandler.inc.php : 786 -> PageHandler::showFromPage()
Error 20070509144030       pages/task_view.inc.php :  40 -> PageHandler::abortWarning("invalid task-id", int3)
Error 20070509144030 std/class_pagehandler.inc.php : 729 -> TaskView()
Error 20070509144030 std/class_pagehandler.inc.php : 620 -> PageHandler::show("taskView", [1])
Error 20070509144030 std/class_pagehandler.inc.php : 786 -> PageHandler::showFromPage()
Error 20070509144030       pages/task_view.inc.php :  40 -> PageHandler::abortWarning("invalid task-id", int3)
Error 20070509144030 std/class_pagehandler.inc.php : 729 -> TaskView()
Error 20070509144030 std/class_pagehandler.inc.php : 620 -> PageHandler::show("taskView", [1])
Error 20070509144030 std/class_pagehandler.inc.php : 786 -> PageHandler::showFromPage()
Error 20070509144030       pages/task_view.inc.php :  40 -> PageHandler::abortWarning("invalid task-id", int3)
Error 20070509144030 std/class_pagehandler.inc.php : 729 -> TaskView()
Error 20070509144030 std/class_pagehandler.inc.php : 620 -> PageHandler::show("taskView", [1])
Error 20070509144030 std/class_pagehandler.inc.php : 786 -> PageHandler::showFromPage()
Error 20070509144030       pages/task_more.inc.php : 819 -> PageHandler::abortWarning("invalid task-id")
Error 20070509144030 std/class_pagehandler.inc.php : 729 -> taskEditSubmit()
Error 20070509144030                     index.php : 206 -> PageHandler::show("taskEditSubmit")
Error 20070509144030 
Error 20070509144030      Variables in show():
Error 20070509144030                            id = taskView
Error 20070509144030                        params = Array
Error 20070509144030                   fn_argument = NULL
Error 20070509144030                          auth = OBJECT
Error 20070509144030                     user_name = Klient
Error 20070509144030                       crawler = NULL
Error 20070509144030                        handle = OBJECT
Error 20070509144030              keep_cur_page_id = taskView
Error 20070509144030                 keep_cur_page = OBJECT
Error 20070509144030                           tmp = 23969a8b247ccb3d9f55bb899c9ad516
Error 20070509144030    v0.07991, taskView, from 10.1.3.195,  uri:/streberpm/index.php
Error 20070509144030 
If task is not visible for certain role, shouldn't be visible in history too and, first of all, not achivable in any case.
 

12 Comments

krisp:BTW

10 years ago (2. update 10 years ago)

going to attached file here, you get:
  • in Version 1 Type application/octet-stream
  • in Version 2 Type application/msword
although previously that was also MSWord.

I think it is a bug.

pixtur:Antwort auf BTW

10 years ago

Are you sure. I couldn't reproduce the mime-type problem. It seems to work for other mime types just fine.

krisp:Reply to Antwort auf BTW

10 years ago (5. update 10 years ago)

Did you check this out?: Project role rights violation.doc

BTW. Why syntax # 5083 doesn't work? See Project role rights violation.doc

pixtur:Antwort auf Reply to Antwort auf BTW

10 years ago

This might be caused by

krisp:I forgot to mention...

10 years ago (2. update 10 years ago)

that I've signed out client "Klient" from the project and then signed him again in. I think this maybe the cloo.
Related items?:

pixtur:I have to check this one, when I have a litte bit more time.

10 years ago

Should be fixed before v0.08

pixtur:Lots of questions

10 years ago

I had a look at the problems you described above. Both are very serious issues. Actually all tasks are checked by the function Task::getVisibleById() and Task::getEditiableById(). The second one fails when editing the task, so it sends the PageHandler back to taskView which also fails because the Task is not visible. So it is totally weird the client can see the task in the first place. I cannot reproduce this situation at my installation, so I have a lot of requests:
  1. Please, before doing screenshots, change your language to English. Although may Polish could need some improvement, this is not the best moment for training.
  2. Can you reproduce this bug at the online demo? http://www.streber-pm.org/demo/ ? We have some clients, project managers etc as well. I can create an account with admin-rights if necessary.
  3. Did you do any local adjustments to the code? The Pageorder (the tabs in the subnavigation) in your screenshot look weird. But that could be my Polish.
  4. What was the precise right situation?
    • Client-Profile
    • Client-Rights
    • Client-Role in the project
    • Public-level of folder
    • Public-Level of our bogus task
  5. Was it a Task or a Documentation Topic?
  6. Was there any assignments involved?
  7. Who created the tasks (the client or the PM)?
I think, I could fix this error quickly, if you can reproduce it at the demo installation.

krisp:Reply to Lots of questions

10 years ago (6. update 10 years ago)

Ad.1. Changing language gives you nothing, because inputed data were in Polish. Unfortunately, I've notice problem on my production instance while work was in progress :(

Ad.2. Yes, until Maintenance mode end.

Ad.3. Yes. Page order was changed but what's the difference? All my changes were feel&look only (generating HTML - no database ops).

Ad.4. This was Client with default rights (can login, can edit profile) and client project role. All folders were public but tasks in it were as many as access spaces (6). So there were 6 public folders with 36 tasks together.

Ad.5. There were only tasks. No docs.

Ad.6. Yes. Tasks were assigned to the persons according access spaces they can see and tasks were published.

Ad.7. PM.

pixtur:Antwort auf Reply to Lots of questions

10 years ago

hmm.. weird. Maybe you can reproduce it at www.streber-pm.org/demo/ this would really help me.

krisp:Admin can see everything?

10 years ago

Even private space?

pixtur:Antwort auf Admin can see everything?

10 years ago

yes.

krisp:I'm unlucky

10 years ago (2. update 10 years ago)

or there are permanent maintenance mode at http://www.streber-pm.org/demo/ ?
I think is a critical error you shouldn't release v0.08 with.