[MAGNOLIA-1605] Anonymous user requires read access to config in order to display pages on public instance Created: 25/Jun/07  Updated: 23/Jan/13  Resolved: 27/Jun/07

Status: Closed
Project: Magnolia
Component/s: None
Affects Version/s: None
Fix Version/s: 3.1 M2

Type: Bug Priority: Major
Reporter: zam6ak Assignee: Philipp Bärfuss
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

3.1-SNAPSHOT


Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

 Description   

AggregatorFilter redericets to a 404 error when anonymous user tries to access the public instance.
However, after logging into the public instance the pages show without any problems.

After debugging this with Sameer, we noticed that giving anonymous role a read only access to CONFIG repo resolves the issue; however this is not the right solution since anonymous role should not have any access to config repo.

  • workaround:
    • add read only access to anonymous role on config repo
  • "easy" fix:
    • change the anonymous role public bootstrap file to contain the above fix
  • correct solution:
    • looks like access in filters is done using Magnolia Context which checks permissions and has a misleading error (404 instead of ???)...Perhaps System Context should be used if no side effects exist.

Sameer has seen this issue as it occurs (using web ex) and is familiar with it.

Regards
Amir



 Comments   
Comment by Philipp Bracher [ 27/Jun/07 ]

fix committed

Generated at Mon Feb 12 03:28:32 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.