Permission Issues

[GoogleCodeExporter]

After updating to the new version with the more advanced permissions support i 
started experiencing different issues.

Doing the ./backend/update resulted a following error: " Error executing 
queries (UPDATE `mollify_parameter` SET value = '...): Duplicate column name 
'user_type' "
This seemingly did not stop Mollify from working, but several other problems 
did occur. 

Under admin interface, going to "Permissions" and hitting "Refresh" causes a 
Request Failed" error and from php error log i get: 

" Cannot access private property ServiceEnvironment::$configuration in 
C:\PATH_TO_MOLLIFY\MOLLIFY\backend\include\filesystem\FilesystemController.class
.php on line 324 ".

Another error: 
" MOLLIFY ERROR: ServiceException: INVALID_CONFIGURATION=Error executing query 
(select count(name) FROM mollify_permission WHERE 
permission.name='edit_description'): Unknown column 'permission.name' in 'where 
clause' "

Also the Permission menu seems to be having some translation missing, like: 
"!en:pluginPermissionsSelectItemTitle", "!en:pluginPermissionsSelectItemMsg". 
(Also a side note, i can't really figure out how exactly to use the Permission 
system, but that's just my bad, i was however able to configure the global 
settings so that's something at least.)

Second problem is that i can't use a WebDAV client anymore (CarotDAV), i can't 
create folders for example, php error log shows:

" PHP Warning:  mkdir(): Permission denied in 
C:\PATH_TO_MOLLIFY\MOLLIFY\backend\dav\lib\Sabre\DAV\TemporaryFileFilterPlugin.p
hp on line 75 "

and

" PHP Notice:  Undefined variable: pw in 
C:\PATH_TO_MOLLIFY\MOLLIF\backend\dav\mollify_dav.php on line 222 "

I am also unable to upload any file via the WebDAV client.

Original issue reported on code.google.com by Logic...@gmail.com on 27 Jan 2014 at 1:06

[GoogleCodeExporter]

Which database are you using? I'll check the update script if there's some 
duplicate modification etc.

But I'm sure there can be problems if the update was not successful.

Also there was indeed a simple typo in FilesystemController.class.php line 324:

            $this->env->configuration->cleanupItemIds($ids);

should be (ie. add "()")

            $this->env->configuration()->cleanupItemIds($ids);

what comes to the WebDAV, I did release new version: 
http://dl.bintray.com/samuli-jarvela/mollify/mollify_dav_2.4.zip

Google Code just removed the ability to offer the downloads anymore, so at the 
moment it's a bit mess. I'll see if I ditch the entire Google Code hosting.

I know there can be many issues with the new permission system, but I'll sort 
them out one by one.

Original comment by samuli.j...@gmail.com on 27 Jan 2014 at 7:45

[GoogleCodeExporter]

Sorry, i forgot to add, I'm using MySQL 5.6.
Also the new DAV version now wont let anyone log in again at all, resulting 
this in PHP Error Log: 

"PHP Notice:  Undefined index: a1hash in 
C:\PATH_TO_MOLLIFY\MOLLIFY\backend\dav\mollify_dav.php on line 245"

Perhaps a typo, but I'm not as skilled in coding to remove it myself.

Original comment by Logic...@gmail.com on 27 Jan 2014 at 10:29

[GoogleCodeExporter]

Apologies, here's a new version with these fixes: 
http://dl.bintray.com/samuli-jarvela/mollify#mollify_2.4.3.zip

I could not see any reason why the update would cause "duplicate column name" 
error, sounds like the update would be run twice, but did not see this happen 
on my server.

And the DAV, unfortunately you have to switch to basic auth for now (use 
$BASIC_AUTH = TRUE; in dav/index.php). Since the authentication rewrite, 
Mollify switched into more secure password hash. What digest auth (the 
alternative to basic auth in WebDAV) requires, is storing another much more 
weaker hash. This weaker hash would ruin the idea of the stronger hash, which 
is why I did not store it at all. But unfortunately I forgot to disable this 
until I find a better way to do it.

Original comment by samuli.j...@gmail.com on 28 Jan 2014 at 7:51

• Changed state: Accepted

[GoogleCodeExporter]

I am now getting the same thing with the Refresh button on Permissions page, 
this time i see in php error log:

MOLLIFY ERROR: PHP error #8, Undefined variable: db 
(C:\PATH_TO_MOLLIFY\MOLLIFY\backend\include\configuration\ConfigurationDao.class
.php:452)

About the DAV, i got the login working as you described, i am able to create 
folders and upload files, but i cannot delete anything from any directory 
anymore. PHP Error Log says:

PHP Warning:  mkdir(): Permission denied in 
C:\PATH_TO_MOLLIFY\MOLLIFY\backend\dav\lib\Sabre\DAV\TemporaryFileFilterPlugin.p
hp on line 75

and

PHP Fatal error:  Call to undefined method Mollify_DAV_Request::hasData() in 
C:\PATH_TO_MOLLIFY\MOLLIFY\backend\include\filesystem\FilesystemController.class
.php on line 119

Also i manually set in the database the Mollify version from 2_4 to 2_2 so i 
could test the update again, but i got the same error as before, the update 
did, however, change the version number back to 2_4 so i have no idea what's 
happening.

Original comment by Logic...@gmail.com on 28 Jan 2014 at 8:12

[GoogleCodeExporter]

One more typo. This case is related to cleaning up orphan data when one found 
(files deleted outside Mollify etc), which seems I haven't tested properly. 
Hopefully attached file fixes this, I have to test it myself when I have the 
time.

For the permission denied in WebDAV, this is not directly Mollify related. The 
TemporaryFileFilterPlugin is SabreDAV plugin 
(https://code.google.com/p/sabredav/wiki/TemporaryFileFilter), and it seems it 
tries to use some temporary folder.

More precisely this is the folder it tries to create: 
ini_get('session.save_path').'/sabredav/';

So it seems this folder is not writable in your system, and the plugin fails. I 
don't know what this folder is exactly, that path is somewhere in your server 
configuration. But if this is not necessary feature, you could disable this 
plugin with "$ENABLE_TEMPORARY_FILE_FILTER = FALSE;"

And the last error is related to action validation, where WebDAV request does 
not have the same interface. Attached copy of mollify_dav.php should fix that 
as well, but I'll test it also when I have the opportunity.

For the update, it is not enough to just drop the version number in db. If the 
changes were made in db structure, it will naturally fail if you run it again 
(you just fool the updater to think the update has not been done).

Sorry for all the hassle, and I appreciate your involvement.

Original comment by samuli.j...@gmail.com on 28 Jan 2014 at 9:19

Attachments:

• ConfigurationDao.class.php
• mollify_dav.php

[GoogleCodeExporter]

Great, it's working now again!

By the way, it seems it does not matter if i set the temporaryfilefilter to 
TRUE or FALSE, it works both ways now, after using the changes you made in the 
2 files.

Also, i now understand the permissions, because i see a lot more info and data 
over there now, before it was just mostly all blank, due to the bugs.

Anyway, great work as usual, thanks again!

Original comment by Logic...@gmail.com on 28 Jan 2014 at 11:42

[GoogleCodeExporter]

Original comment by samuli.j...@gmail.com on 19 Feb 2014 at 3:46

• Changed state: Fixed