Defect #9308

Search fails when a role haven't "view wiki" permission

Added by pasquale [:dedalus] about 6 years ago. Updated about 6 years ago.

Status:ClosedStart date:2011-09-22
Priority:HighDue date:
Assignee:-% Done:

0%

Category:Search engine
Target version:1.2.2
Resolution:Fixed Affected version:1.2.1

Description

I have configured a role that haven't the "view wiki" permission.
When a user that has this role (in all projects) search for some word, redmine fails with this message (bug-in-action.jpg)
If I grant the permission to the role, all works fine.
This is a major bug because normal user can think that the site don't work.

In the log file, I see that the query fails on where condition because "text" field is unknown.

ps: the behavior of redmine in this case is very strange: for example, if I search for mail I have an error, but if I search for mail. all works fine

bug-in-action.jpg (50.7 KB) pasquale [:dedalus], 2011-09-22 21:24

Associated revisions

Revision 7568
Added by Etienne Massip about 6 years ago

Qualify searchable text column to prevent exception thrown when :content association is not eargerly fetched by AR (#9308).

Revision 7569
Added by Etienne Massip about 6 years ago

Merged r7568 from trunk (#9308).

History

#1 Updated by pasquale [:dedalus] about 6 years ago

pasquale [:dedalus] wrote:

In the log file, I see that the query fails on where condition because "text" field is unknown.

this is the log message:


Processing SearchController#index (for 85.33.108.241 at 2011-09-22 11:57:15) [GET]
  Parameters: {"action"=>"index", "q"=>"mail", "controller"=>"search"}

ActiveRecord::StatementInvalid (Mysql::Error: Unknown column 'text' in 'where clause': SELECT * FROM `wiki_pages` 
WHERE ((1=0) AND (((LOWER(title) LIKE '%mail%') OR (LOWER(text) LIKE '%mail%'))))  ORDER BY wiki_pages.created_on 
DESC LIMIT 11):
  app/controllers/search_controller.rb:77:in `index'
  app/controllers/search_controller.rb:76:in `each'
  app/controllers/search_controller.rb:76:in `index'
  config/initializers/mongrel_cluster_with_rails_211_fix.rb:62:in `dispatch_cgi'

#2 Updated by Etienne Massip about 6 years ago

  • Target version set to Candidate for next minor release

Definitely reproduced, big one, thanks.

#3 Updated by Etienne Massip about 6 years ago

  • Status changed from New to Resolved
  • Target version changed from Candidate for next minor release to 1.2.2
  • Resolution set to Fixed

Fixed with r7568.

#4 Updated by Jean-Philippe Lang about 6 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF