Closed (fixed)
Project:
Revisioning
Version:
6.x-3.x-dev
Component:
Code
Priority:
Critical
Category:
Bug report
Assigned:
Reporter:
Created:
28 Jun 2012 at 21:26 UTC
Updated:
23 Apr 2013 at 01:10 UTC
Jump to comment: Most recent file
I created a revision of a page and published it in the future. Prior to the date and time that I had set for the revision to be published I deleted that revision. The following day I received a phone call that anonymous visitors were seeing "Access Denied" when trying to view any node content. I checked the log entries and it says "Published rev # of" after execution of the revisioning scheduler from Elysia Cron. So, it looks like when a node revision is deleted the scheduler tables aren't getting updated or perhaps the scheduler code should perform some checks one or the other or both. I had to rebuild node permissions site wide to get up and running again. I am able to duplicate the behavior on my staging server as well as our live site. Please let me know if there is any information that would be helpful for others in attempting to replicate/fix this issue.
| Comment | File | Size | Author |
|---|---|---|---|
| #3 | revisioning-delete-scheduler-entry-1664786.patch | 779 bytes | progga |
| #2 | revisioning-deleted-revision-1664786-2.patch | 1.12 KB | brucesdad13 |
| #1 | revisioning_scheduler-deleted-revision-1664786-1.patch | 1.02 KB | brucesdad13 |
Comments
Comment #1
brucesdad13 commentedHere's a patch that at least prevents the permissions getting hosed. The revisions view still needs updating so that it doesn't display an orphaned revision.
Comment #2
brucesdad13 commentedOops... created last patch with subversion from a different repository. Trying again with git patch.
Comment #3
progga commentedWe had a similar trouble few days ago. Although in our case, all private nodes became public which may be opposite to what happened to corezion.
This problem occurs because when revisioning_scheduler_cron() calls _revisioning_publish_revision() with a nonexistent node revision's nid and vid, _revisioning_publish_revision() passes an empty node to node_access_acquire_grants(). node_access_acquire_grants() then adds the following record to the node_access table: nid=0; gid=0; realm=all; grant_view=1. The presence of this record will override all other records and turn all private nodes into public.
The attached patch should remove entries from the revisioning_scheduler table when a node revision is deleted. That should stop incorrect manipulation of the node_access table.
Please note that the attached patch only deals with the revisioning_scheduler module. Besides this, the _revisioning_publish_revision() function should itself check for the presence of empty nodes before trying to do anything on the node. There are quite a few more functions which should do that too. So may be it is better left for the module author.
Thanks,
Adnan
Comment #4
brucesdad13 commentedYes, exactly =)
Comment #5
buddaAny joy on pushing this in to the module as a final release?
We've had the patch running since July '12 on a public site.
Comment #6
rdeboerD6 is approaching end of life. 6.x-3.16 will be the final release indeed....
Coming up!
Comment #7
rdeboerPatch from #3 applied to 6.x-3.x branch. Thanks progga!
Rik