Thanks to all for the work on this module.
I recently upgraded to 5.x-2.x-dev of October 8, 2007, I get the error "Error fetching album tree" with type gallery recorded repeatedly in the "Recent log entries" whenever the site is accessed by an unregistered user. I have checked access control in Drupal, and they are set properly to allow anonymous access. I looked through other modules' access control and can see nothing out of place.
These errors do NOT occur for a registered user.

CommentFileSizeAuthor
#13 gallery_menu_args.patch903 bytesprofix898

Comments

profix898’s picture

profix898 commented

I was able to track down the problem to a G2 method and it looks like a G2 bug to me. I will discuss the issue with some G2 devs to find a solution ...

edinjapan’s picture

edinjapan commented

Thank you for the response.
I am a bit surprised that this is a G2 bug, simply because I have been using G2 up till now without this error. For your information, according to the System Information system (under G2's Site Admin > Maintenance) I am running Gallery version = 2.2.1 core 1.2.0.1.
Thinking...thinking...
I obviously need to upgrade to 2.2.3...but it this the version you were able to repeat the bug on?
I will hold off upgrading for now. Let me know if you need to test anything.
Thanks again.

profix898’s picture

profix898 commented

The problem exists with the latest version of G2 as well. Some more background ...
For gallery menu generation we need the whole album tree from G2. To achieve this we are calling fetchAlbumTree() which takes 3 parameters: root album id, depth and user to check permission. I asked on irc #gallery how I can fetch the whole tree and not only the partial tree visible to the current user, the answer was to pass in the admin user id to fetchAlbumTree(). This works perfectly nice in most cases, but not for anonymous users (and if no other user is logged in). Here is why: fetchAlbumTree() makes sure that the current user has access to the root album (default album) by calling hasItemPermission(). However for guest users the userId is assumed 0 which obviously results in an access denied although 'everybody' is granted access to the root album. If I add three lines to this method to use the anonymous user id (instead of 0) everything works as expected.

Replace 

if (!isset($userId)) {
  $userId = $gallery->getActiveUserId();
}

with 

if (!isset($userId)) {
  $userId = $gallery->getActiveUserId();
  if (!$userId) {
    list($ret, $userId) = GalleryCoreApi::getPluginParameter('module', 'core', 'id.anonymousUser');
    if ($ret) {
      return array($ret, null);
    }
  }
}

in GalleryUserHelper_simple.class (modules/core/classes/helpers), hasItemPermission() line 60 to try what I mean.

edinjapan’s picture

edinjapan commented

Thank you for the detailed answer and the snippets.
I will go ahead and upgrade my site so as to get the security fixes, and watch for a longer term fix for the problem at hand.
I truly appreciate the work you are doing.

profix898’s picture

profix898 commented

I have crossposted this on gmc and the G2 issue queue (after discussion on IRC). In my experience it can take some time for someone to look at the issues. It's unlikely to see this fixed before Gallery 2.3 ...

However you can safely comment line 243 gallery_base.inc to suppress the message generated/logged by gallery_error(). Actually I'm thinking about a temporary solution until this is solved in G2 for the final release of 5.x-2.x.

profix898’s picture

profix898 commented
Status: Active » Fixed

I've just committed an update to the 5--2 branch which cleans up the init() calls for G2. We have to ensure a certain init sequence to get this right ... Marking the issue fixed and hoping for you to confirm ;) Thanks.

edinjapan’s picture

edinjapan commented

I can confirm that the beta 4 version (gallery-5.x-2.0-beta4.tar.gz) fixed this issue on my site.
Thank you profix898 for the responses and for all the hard work.

edinjapan’s picture

edinjapan commented
Status: Fixed » Active

Looks like I spoke too soon.
The way I tried to verify that beta4 was working before was simply to logout of my site. This action alone would lead to a plethora of errors on the older beta versions. However, beta4 seemed to be fine yesterday.
However, I check the log this morning "just to be sure", and some bots had managed to create some of the same "Error fetching album tree" errors. Examples are:

http://www.example.com/?q=node/134
This is just a "story" page. It has an embedded graphic, but not from G2. I have the "Random image" function working, so that shows on almost all pages.

http://www.example.com/?q=print/134
This is the "print" page for the same story above. (I use the printer-friendly pages module.)

http://www.example.com/?q=user/register&destination=comment/reply/127%23...
When I try to follow this, I get "access denied--probably because I have commenting turned off for anonymous users.

The above are just some examples of what the bots kicked up. However, when I did my usual "just log out" test, once again I was back to getting errors.
I verified that I really did have beta4 installed (i.e. that neither I had made a mistake nor my host had done a "rollback") and everything shows beta4. Note that I still am using version = 2.2.1 core 1.2.0.1 at this point.

I had high hopes last night as everything seemed fixed. Sorry to have to report that things are back to the way they were.
I will go ahead and change this back to "active".

profix898’s picture

profix898 commented

Can you please try the latest 5.x-2.x-dev version, the fixes for this error went in after beta4 was released! This is very tricky stuff, but after discussion with one of the main devs of G2 I thought we finally solved the problem ...

edinjapan’s picture

edinjapan commented
Status: Active » Fixed

My apologies. I saw the "new" beta 4 with a similar "bugfix" mentioned, and my brain homed in on that one.

I have now tried the file gallery-5.x-2.x-dev.tar.gz with a date of October 12, 2007 - 21:04. So far everything seems good with my normal tests. I'll change this to "fixed", but watch this for a day or so to see if the bots kick up anything. If they do, I'll post again later.
Thanks again for all the work.

edinjapan’s picture

edinjapan commented

A day has gone by, the bots have come--and I have exercised the site a bit myself. No errors!
Looks great. Thank you profix898 and also those on the G2 team that have been helping.

TheRec’s picture

TheRec commented
Status: Fixed » Needs work

There seems to be a problem when you try to use "Enable URL Rewrite mode" for the gallery_menu.module. When you are logged in there is no problem, but for anonymous (not logged) users each link is wrong, there is this string appended to the URL (that is right...but with this parameter it doesn't work) :
%3Fg2_GALLERYSID%3DTMP_SESSION_ID_DI_NOISSES_PMT
Now if I remove this from the URL I get to the right location and links inside the gallery works (they are right).

But it isn't just that, the tree structure isn't used for the menu generated by gallery_menu.module for anonymous users, but as soon as you're logged everything works fine.

There's another issue I noticed while testing this, when I'm browsing the gallery as anonymous, and I try to login it just redirects me to the same page but doesn't log me in, maybe it's not related and it should be noticed in another issue.

Thanks in advance.

profix898’s picture

profix898 commented
Status: Needs work » Needs review
StatusFileSize
new gallery_menu_args.patch903 bytes

Instead of removing the %3Fg2_GALLERYSID%3DTMP_SESSION_ID_DI_NOISSES_PMT part completely it also work if you manually decode the string to ?g2_GALLERYSID=TMP_SESSION_ID_DI_NOISSES_PMT. But its actually the Drupal menu system that encodes this piece and therefore prevents it from working correctly. So here is a patch that simply strips off this stuff, so that it doesnt show up in the url at all. I will need to check this limitation for Drupal 6, but for D5 I think we have to use this kind of workaround.

TheRec’s picture

TheRec commented
Status: Needs review » Fixed

Applied the patch and it works fine, stripping an not just decoding it is the right move in my opinon, it wouldn't look much like a "clean" URL with this parameter (withouth thinkin what it would do in terms of SEO) ;)

It also fix the hierarchy issue (so I guess Drupal uses path to build the hierarchy in this case).

The last issue (login issue) I reported is also fixed, so I guess I was right about thinking the issue was related to the same problem.

Thanks for this quick fix !

profix898’s picture

profix898 commented

Patch committed. Thanks for testing.

Anonymous’s picture

(not verified) commented
Status: Fixed » Closed (fixed)