Item14061: Non-admin users are unable to refresh the page cache using the refresh query param. It's silently ignored.
Priority: Urgent
Current State: Closed
Released In: 2.1.2
Target Release: patch
The
PageCaching mechanism for force-refreshing the cache of a page (query parameter
refresh=cache
) doesn't work anymore.
It seems that commit
distro:753517244683e36d6358bba0989dba2900bbe9b9 broke it (change line 226 and/or removed line 338 and/or something else).
The query parameter
refresh=fire
however seems to have a similar behaviour now.
So maybe we only need to change the documentation (and the link at the bottom of every page)?
See
here for a few more details discussed in the chat.
--
PhilippeKehl - 01 May 2016
The unit tests have a number of issues:
- The assertion for cached, or not cached, never actually asserts. So that particular check always passes. Fix that, and now:
- The core code fails to add the X-Foswiki-Cached header in most circumstances, so it still fails. So add the Cached header and:
- Foswiki::Cache::getPage doesn't process any refresh variation except for refresh=all. So the cache doesn't get reset.
- There is no test to verify the oops when a non-admin attempts to clear the global cache.
- Even removing the admin check above doesn't seem to be the complete fix.
--
GeorgeClark - 01 May 2016
MichaelDaum, I've checked in a number of fixes into the
Item14061 branch. Could you please review them in some depth and we'll have to build a Foswiki 2.1.2 sooner than later unfortunately. (I'm wondering if we should hold off on announcing 2.1.1 for now.)
--
GeorgeClark - 01 May 2016
Everything looks fine ... except one: refresh=all is an admin-only maintenance operation. I can't see where this check has gone looking at the patches. Am I blind?
This is an important one as it nukes all of the page cache.
WikiGuests and even non-admins shall not be allowed to perform such a critical operation.
Invalidating the cache of a single page is fine as a normal save would do that anyway. However global operations like refresh=all must remain an admin-only thing.
--
MichaelDaum - 02 May 2016
Foswiki::PageCache::getPage() line 317 It's there and the new unit test verifies that it works.
--
GeorgeClark - 02 May 2016