You are here: Foswiki>Tasks Web>Item14061 (11 Aug 2016, GeorgeClark)Edit Attach

Item14061: Non-admin users are unable to refresh the page cache using the refresh query param. It's silently ignored.

pencil
Priority: Urgent
Current State: Closed
Released In: 2.1.2
Target Release: patch
Applies To: Engine
Component: PageCache
Branches: Item14061 master Release02x01 Item14033 Item13897
Reported By: PhilippeKehl
Waiting For:
Last Change By: GeorgeClark
The PageCaching mechanism for force-refreshing the cache of a page (query parameter refresh=cache) doesn't work anymore.

It seems that commit distro:753517244683e36d6358bba0989dba2900bbe9b9 broke it (change line 226 and/or removed line 338 and/or something else).

The query parameter refresh=fire however seems to have a similar behaviour now.

So maybe we only need to change the documentation (and the link at the bottom of every page)?

See here for a few more details discussed in the chat.

-- PhilippeKehl - 01 May 2016

The unit tests have a number of issues:
  • The assertion for cached, or not cached, never actually asserts. So that particular check always passes. Fix that, and now:
  • The core code fails to add the X-Foswiki-Cached header in most circumstances, so it still fails. So add the Cached header and:
  • Foswiki::Cache::getPage doesn't process any refresh variation except for refresh=all. So the cache doesn't get reset.
  • There is no test to verify the oops when a non-admin attempts to clear the global cache.
  • Even removing the admin check above doesn't seem to be the complete fix.

-- GeorgeClark - 01 May 2016

MichaelDaum, I've checked in a number of fixes into the Item14061 branch. Could you please review them in some depth and we'll have to build a Foswiki 2.1.2 sooner than later unfortunately. (I'm wondering if we should hold off on announcing 2.1.1 for now.)

-- GeorgeClark - 01 May 2016

Everything looks fine ... except one: refresh=all is an admin-only maintenance operation. I can't see where this check has gone looking at the patches. Am I blind?

This is an important one as it nukes all of the page cache. WikiGuests and even non-admins shall not be allowed to perform such a critical operation. Invalidating the cache of a single page is fine as a normal save would do that anyway. However global operations like refresh=all must remain an admin-only thing.

-- MichaelDaum - 02 May 2016

Foswiki::PageCache::getPage() line 317 It's there and the new unit test verifies that it works.

-- GeorgeClark - 02 May 2016
 
Topic revision: r15 - 11 Aug 2016, GeorgeClark - This page was cached on 07 Jun 2017 - 13:27.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License