Infinite loop in NX_ACCESS_ALLOWED
In our Nuxeo, we experimented a severe bug on the NX_ACCESS_ALLOWED function. Looking closer, we saw that one of our document :
- has no parentid + has a versionableid => in the while loop first iteration, newid and curid are set to versionableid
- on the next iteration, no line is found corresponding to this versionableid :
SELECT parentid INTO newid FROM hierarchy WHERE hierarchy.id = curid;returns and does nothing. newid and curid remains the same, resulting in a infinite loop.
May be our data are corrupted, but I cannot see any foreign key constraint on the versionableid columns in the database ?
We applied the following patch (SET newid = NULL) to avoid the infinite loop:
WHILE curid IS NOT NULL DO BEGIN ... END; -- OUR PATCH HERE SET newid = NULL; SELECT parentid INTO newid FROM hierarchy WHERE hierarchy.id = curid; IF first AND newid IS NULL THEN SELECT versionableid INTO newid FROM versions WHERE versions.id = curid; END IF; SET first = FALSE; SET curid = newid; END WHILE; RETURN FALSE;
It seems that everytime we restart our nuxeo, our patch is overriden by the application. Can we do something about it?
Moreover, I think that you may gain in performance by avoiding the cursor in the fisrt part of the function. Something like this should perform the same task:
SELECT `grant` INTO gr FROM `acls` WHERE `acls`.`id` = curid AND LOCATE(CONCAT('|',user,'|'), allusers) <> 0 AND LOCATE(CONCAT('|',permission,'|'), allperms) <> 0 ORDER BY `pos` LIMIT 1; IF gr IS NOT NULL THEN RETURN gr; END IF;
Thanks for your help, Best regards,
Thanks for the report.
A version whose base document is deleted while there are still proxies pointing to it will have a
versionableid and no
parentid so it's a legitimate case. That's also why there is no foreign key constraint on
versionableid. I'm very surprised that this case was not reported before or covered by tests. I'll work on this in the coming days, NXP-18489 has been opened to track this, you can follow this ticket for updates.
Your patch looks good. But on startup Nuxeo by default re-writes all stored procedures in case they changed during upgrades, which is obviously a problem in this case. You could either patch the nuxeo-core-storage-sql JAR (file mysql.sql.txt contains the definition of the function), or disable the updates on startup using
nuxeo.vcs.noddl=true in nuxeo.conf.