View Issue Details

IDProjectCategoryView StatusLast Update
0006410OXID eShop (all versions)4.08. Cachepublic2017-06-29 11:36
Reporterhendrikfreytag 
PriorityhighSeveritymajorReproducibilityalways
Status acknowledgedResolutionopen 
Product Version4.9.9 / 5.2.9 
Target VersionFixed in Version 
Summary0006410: Default Cache Backend and rights make categories disappear
DescriptionIn an EE you can manage which user group can see a category and which not. If you use Default Cache Backend the rights of the user is cached when loading the category tree who first loads the startpage. And then every user will see exact the categorytree as the random first user.
Steps To Reproduce- install shop and activate Default Cache Backend with File system connector
- create user "[email protected]" and group "withrights" and assign user to it
- create user "[email protected]" and group "norights" and assign user to it
- go to category "Special Offers" and go to tab "Rights"

(The one group will have rights to see the category "Special Offers" the other will not have rights to see the category.)

- click on "Assign User Groups (Exclusively visible)" and assign created group "withrights"
- go to shop and login with user "[email protected]"
- flush cache by deleting all files in cache folder of shop (important! see reason at Additional Information)
- look at startpage, "Special Offers" is shown (correct)
- logout and login with "[email protected]"
- look at startpage, "Special Offers" is shown, but it should not!
- flush cache by deleting all files in cache folder of shop (important! see reason at Additional Information)
- look at startpage, your category is not shown (correct), because cache is flushed and will be rebuilt with rights of "[email protected]"
- logout and login with "[email protected]"
- look at startpage, your category is not shown, but it should!
Additional InformationThere are 2 "Flush cache" buttons in admin.

1. Master Settings -> Core Settings -> Cache
It is for flushing all caches

2. Master Settings -> Core Settings -> Cache -> Default Cache Backend
It is for flushing Default Cache Backend only

If you use Button 2 the folder cache will be empty and everything works for the steps to reproduce. If you use button 1 it will first empty the cache folder but after that it will flush Reverse Proxy Backend and this will generate new files in cache folder for some reason and this is done without any user. So it will cache oxppremove = 1 for all categories which have some visible rights. So better use button 1 to reproduce issue or just delete files by command line.
TagsEE
ThemeNot defined
BrowserNot defined
PHP VersionNot defined
MySQL VersionNot defined

Activities

hendrikfreytag

2016-06-14 12:10

reporter   ~0011646

Looks like problem begins in function \oxCategoryList::_getSqlSelectFieldsForTree. There the sql is for loading the category tree and how it is build. There is a field oxppremove. It is filled with oxactive and the result of \oxCategoryList::_getSqlRightsSnippet. And this query is cached from the first user who loads a page of the shop. So first user is someone who has rights to see the category oxppremove is 0 and it is cached. Next time a user loads a page in the shop oxppremove is always 0 from the cache no matter what rights he has. And it is the opposite if the user who first loads a page and so fills the cache has no rights to see the category. Then oxppremove will always be 1 and nobody can see the category.

Looks like the solution is not so easy. First you should not cache oxppremove. But if you don't cache it you have to load information from DB and that is qhat you don't want. Or you have to cache information about oxppremove for all user groups and users. But this could be more complicated to implement.

I will improve steps to reproduce.