[MULTISITE-63] Using site A prefix + node path from site B passes CrossSite filter Created: 01/Aug/16 Updated: 21/Dec/16 Resolved: 16/Dec/16 |
|
| Status: | Closed |
| Project: | Magnolia Multisite Module |
| Component/s: | None |
| Affects Version/s: | 1.2.3 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major |
| Reporter: | jessica nash | Assignee: | Ilgun Ilgun |
| Resolution: | Duplicate | Votes: | 0 |
| Labels: | Timeboxed |
| Remaining Estimate: | 0d |
| Time Spent: | 0.25d |
| Original Estimate: | Not Specified |
| Task DoD: |
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ] Architecture Decision Record (ADR)
| Bug DoR: |
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
| Documentation update required: | Yes |
| Date of First Response: | |
| Sprint: | Basel 74 |
| Story Points: | 8 |
| Description |
|
To reproduce (the following setting is for 5.4.5 STK, but it is also reproducible on higher Magnolia versions):
Notes
|
| Comments |
| Comment by Philip Mundt [ 08/Aug/16 ] |
|
I was able to reproduce this behaviour. Only the first (root) node of any page in the website workspace is accessible (if everything is set up accordingly). This is due to the default URI2RepositoryMapping resolving (and obviously finding) the node path to the respective node. Any subsequent link will result in a 404 (STK sites need to be modified in order to achieve this). A possible solution would involve not resolving a node in info.magnolia.multisite.MultiSiteURI2RepositoryManager when the given path is mapped to a different site (not the one that was resolved). |
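The root-page case described in the comment above and the check it proposes, as a simplified model added here (not part of the original comment and not Magnolia code). The class and method names, the site roots and the content tree are assumptions, and the two-step lookup is a stand-in for the real mapping logic.

```java
import java.util.*;

// Simplified model, not Magnolia code: all names below are hypothetical.
public class CrossSiteMappingDemo {
    // Constructed sample data: site name -> root node path in the website workspace.
    static final Map<String, String> SITE_ROOTS = Map.of("siteA", "/siteA", "siteB", "/siteB");
    // Constructed sample content tree.
    static final Set<String> NODES = Set.of("/siteA", "/siteA/news", "/siteB");

    static boolean isUnder(String path, String root) {
        return path.equals(root) || path.startsWith(root + "/");
    }

    // Behaviour described in the comment: the site mapping misses, then a default
    // mapping treats the URI as an absolute node path and finds the other site's node.
    static Optional<String> resolveWithFallback(String site, String uri) {
        String mapped = SITE_ROOTS.get(site) + uri;
        if (NODES.contains(mapped)) return Optional.of(mapped);
        return NODES.contains(uri) ? Optional.of(uri) : Optional.empty();
    }

    // Proposed direction: do not resolve a node when the path is mapped to a
    // different site than the one that was resolved for the request.
    static Optional<String> resolveSiteBound(String site, String uri) {
        String mapped = SITE_ROOTS.get(site) + uri;
        if (NODES.contains(mapped)) return Optional.of(mapped);
        for (Map.Entry<String, String> other : SITE_ROOTS.entrySet()) {
            if (!other.getKey().equals(site) && isUnder(uri, other.getValue())) {
                return Optional.empty(); // path belongs to another site: treat as not found
            }
        }
        return NODES.contains(uri) ? Optional.of(uri) : Optional.empty();
    }

    public static void main(String[] args) {
        // The request arrives on site A's domain, so the resolved site is siteA.
        for (String uri : List.of("/news", "/siteB", "/missing")) {
            System.out.printf("%-10s fallback=%-24s siteBound=%s%n", uri,
                    resolveWithFallback("siteA", uri), resolveSiteBound("siteA", uri));
        }
    }
}
```

In this model only `/siteB` differs between the two lookups: the fallback returns site B's root node, while the site-bound version returns empty.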
| Comment by Philip Mundt [ 13/Dec/16 ] |
Cross-site access via <sitename> prefix
Add custom resolvers to crossSite filter that
a) Prevents access from allToAll
Works when accessing the root page (/<sitename>) of the page only
NOTE: Adding such resolvers will however break admin / page editor as access from allToAll doesn't work anymore. But there is a feasible workaround for this particular scenario, which is adding another resolver such as:
d) Allows access from domainAuthor to .* (any site)
Even after renaming the sites to have sitenames that differ from the root nodes, the solution still works. E.g. __siteA vs. node:siteA |
| Comment by Jaroslav Simak [ 16/Dec/16 ] |
True, that should be fixed by those tickets you mentioned. |
| Comment by Martin Drápela [ 21/Dec/16 ] |
|
Elaborating on Philip's comment above, the following procedure worked to allow the author to access and edit the "opposite" pages:
It is nevertheless rather difficult to describe a solution suitable for everyone as there will be a number of server (Author/Public) configurations out there. |