Permission restriction doesn't work

robin_shi · July 22, 2007, 11:04pm

Hi,

I have had this problem twice. The read permission for an asset doesn't work. I disabled the public read permission for a page, and referred this page by the asset ID in a link, but when the link was clicked, the restricted page appeared directly without log in window. I was quite sure I had logged off, also cleared the cookies and temp files for the browser.

So in that link I changed the asset ID to one of the web path, so the log in window appeared. Why?

This time only the secured connection (https://) works.

May I have some help on that?

:P’ /> <img src=‘http://forums.matrix.squiz.net/public/style_emoticons/<#EMO_DIR#>/tongue.gif’ class=‘bbc_emoticon’ alt='

Many thanks,

Robin

gsherwood · July 22, 2007, 11:12pm

Are you viewing pages through a proxy server (like Squid)? Squid will cache the page as the user who viewed it last and will not check Matrix permissions.

The other thing to check are the other permissions set on the page. Does the public user have write or admin access to the asset? Is the public user inside a group that has read, write or admin access?

robin_shi · July 23, 2007, 12:12am

Fixed. So the solution is,

Wait, until the Squid proxy refreshes.

:lol:’ /> <img src=‘http://forums.matrix.squiz.net/public/style_emoticons/<#EMO_DIR#>/laugh.gif’ class=‘bbc_emoticon’ alt=':lol:

Thank you Greg!!!

gsherwood · July 23, 2007, 2:02am

No problem.

Avi_Miller · July 23, 2007, 3:09pm

[quote]Fixed. So the solution is,
Wait, until the Squid proxy refreshes.[/quote]

Or, configure Squid not to cache URLs with ?a= in them, so that this never happens.

robin_shi · July 24, 2007, 2:20am

I am very interested in this solution. How?

:P’ /> <img src=‘http://forums.matrix.squiz.net/public/style_emoticons/<#EMO_DIR#>/tongue.gif’ class=‘bbc_emoticon’ alt='

Raena_Armitage · July 25, 2007, 5:22am

With Squid you can use no_cache to tell it not to cache stuff matching a particular string.

[post=“9608”]From here:[/post]

[quote]In your squid.conf:

    acl QUERY urlpath_regex cgi-bin _edit _admin _nocache __lib __fudge
    
    no_cache deny QUERY

And then Squid will stop caching anything with the /_nocache option.[/quote]

robin_shi · July 25, 2007, 11:26am

[quote]With Squid you can use no_cache to tell it not to cache stuff matching a particular string.

[post=“9608”]From here:[/post][/quote]

Thank you, but I reckon only system administrator can do that.

Avi_Miller · July 25, 2007, 3:42pm

Correct. You would need to get your system administrator to change the configuration of Squid.