Infinite loop in NX_ACCESS_ALLOWED

In our Nuxeo, we experimented a severe bug on the NX_ACCESS_ALLOWED function. Looking closer, we saw that one of our document :

  • has no parentid + has a versionableid => in the while loop first iteration, newid and curid are set to versionableid
  • on the next iteration, no line is found corresponding to this versionableid : SELECT parentid INTO newid FROM hierarchy WHERE hierarchy.id = curid; returns and does nothing. newid and curid remains the same, resulting in a infinite loop.

May be our data are corrupted, but I cannot see any foreign key constraint on the versionableid columns in the database ?

We applied the following patch (SET newid = NULL) to avoid the infinite loop:

WHILE curid IS NOT NULL DO
  BEGIN
    ...   
  END;
  -- OUR PATCH HERE
  SET newid = NULL;
  SELECT parentid INTO newid FROM hierarchy WHERE hierarchy.id = curid;
  IF first AND newid IS NULL THEN
    SELECT versionableid INTO newid FROM versions WHERE versions.id = curid;
  END IF;
  SET first = FALSE;
  SET curid = newid;
END WHILE;
RETURN FALSE; 

It seems that everytime we restart our nuxeo, our patch is overriden by the application. Can we do something about it?

Moreover, I think that you may gain in performance by avoiding the cursor in the fisrt part of the function. Something like this should perform the same task:

SELECT `grant` INTO gr FROM `acls`
  WHERE `acls`.`id` = curid 
  AND LOCATE(CONCAT('|',user,'|'), allusers) <> 0 
  AND LOCATE(CONCAT('|',permission,'|'), allperms) <> 0
  ORDER BY `pos`
  LIMIT 1; 
IF gr IS NOT NULL THEN
    RETURN gr;
END IF;

Thanks for your help, Best regards,

Xavier Pallot

0 votes

1 answers

1182 views

ANSWER



Hi,

Thanks for the report.

A version whose base document is deleted while there are still proxies pointing to it will have a versionableid and no parentid so it's a legitimate case. That's also why there is no foreign key constraint on versionableid. I'm very surprised that this case was not reported before or covered by tests. I'll work on this in the coming days, NXP-18489 has been opened to track this, you can follow this ticket for updates.

Your patch looks good. But on startup Nuxeo by default re-writes all stored procedures in case they changed during upgrades, which is obviously a problem in this case. You could either patch the nuxeo-core-storage-sql JAR (file mysql.sql.txt contains the definition of the function), or disable the updates on startup using nuxeo.vcs.noddl=true in nuxeo.conf.

0 votes



NXP-18489 is now fixed and will be available in the next hotfix, thanks again.
11/28/2015