Don't miss out Virtual Happy Hour this Friday (April 26).

Try our conversational search powered by Generative AI!

AI OnAI Off

FilterOnReadAccess() broken due to changes in VirtualRoleRepository (Episerver please fix it)

(╯°□°)╯︵ ┻━┻
(╯°□°)╯︵ ┻━┻
Vote:
 

Hi

Episerver Find extension method ContentSearchExtensions.FilterOnReadAccess is broken. It no longer returns any results for anonymous users.

The issue happens with the latest nugets:
EPiServer.CMS.Core 9.8.1
EPiServer.Find 11.1.4.4296
EPiServer.Find.Cms 11.1.4.4296
EPiServer.Find.Framework 11.1.4.4296

It seems that the issue is caused by changes in EPiServer.Security.VirtualRoleRepository, which has method VirtualRoleRepository.GetDefault() for obtaining an instance. The method is now deprecated and no longer works as it should, but the latest Find nuget uses it. The fix is to use IoC to obtain the instance.

    // Class: EPiServer.Find.Cms.ContentSearchExtensions
    private static IEnumerable GetCurrentUsersRoles()
    {
      List list = Enumerable.ToList((IEnumerable) PrincipalInfo.Current.RoleList);
      
      // This seems to cause the issue. GetDefault method is deprecated and returns the wrong instance
      VirtualRoleRepository @default = VirtualRoleRepository.GetDefault();
      
      // !!! Should use IoC. This retrieves the correct instance
      //VirtualRoleRepository @default = ServiceLocator.Current.GetInstance();
      
      foreach (string name in @default.GetAllRoles())
      {
        VirtualRoleProviderBase virtualRoleProvider;
        if (@default.TryGetRole(name, out virtualRoleProvider) && virtualRoleProvider.IsInVirtualRole(PrincipalInfo.CurrentPrincipal, (object) null))
          list.Add(name);
      }
      if (Roles.Enabled)
        list.AddRange((IEnumerable) Roles.GetRolesForUser(PrincipalInfo.Current.Name));
      return Enumerable.Distinct((IEnumerable) list);
    }

The latest CMS patch is not rollbackable due to DB changes, and I would really like to avoid making own workaround extensions for Find. So, could you release a fix as soon as possible, please :)

#147670
Apr 21, 2016 1:24
(╯°□°)╯︵ ┻━┻
(╯°□°)╯︵ ┻━┻
Vote:
 

Looks like EPiServer.GoogleAnalytics is also affected, and likely all older code that uses virtual roles. Perhaps the easiest fix is to make VirtualRoleRepository<VirtualRoleProviderBase>.GetDefault() backwards compatible?

Edit: Episerver support had already received a bug report about the issue: This is an issue which has been reported already and a bug has been created: FIND-973 After upgrading cms.core to 9.8.0 .FilterOnReadAccess() and .FilterForVisitor() stops working for anonymous users

#147672
Edited, Apr 21, 2016 2:30
Henric Noland
Henric Noland
Vote:
 

Hi! 

Any update on this? Got the same problem for one customer. 

/ Henric

#147812
Apr 26, 2016 8:29
Marcus Bagge
Marcus Bagge
Vote:
 

Can't seem to find it in their buglist: 

"The bug you were looking for – FIND-973 – doesn’t exist"

#147898
Apr 27, 2016 13:19
Henric Noland
Henric Noland
Vote:
 

I asked the support if they knew anything. 

"The developers haven't started to investigate this bug yet. The bug is in 'Triage' which means that the process hasn't started yet."

/ Henric

#147899
Edited, Apr 27, 2016 13:26
Johan Björnfot
Johan Björnfot
Vote:
 

The bug has been fixed and is currently in test for verification. If everything goes as planned it should be included in next release of EPiServer.CMS.Core

#148051
May 02, 2016 17:31
Henric Noland
Henric Noland
Vote:
 

Great news! But when are you planning the next release of EPiServer.CMS.Core? 

/ Henric

#148056
May 03, 2016 7:55
Johan Björnfot
Johan Björnfot
Vote:
 

Hopefully at the end of this week (friday) or early next week

#148058
May 03, 2016 8:43
Fredrik von Werder
Fredrik von Werder
Vote:
 

Same here, little bit of panic here, please fix this rapidly!

#148166
May 05, 2016 9:15
Fredrik von Werder
Fredrik von Werder
Vote:
 

I see now there is a new release out!

http://world.episerver.com/releases/episerver---update-111/

#148313
May 10, 2016 7:23
Marcus Bagge
Marcus Bagge
Vote:
 

Is the fix included in this update?

#148327
May 10, 2016 10:54
Johan Björnfot
Johan Björnfot
Vote:
 

The fix is included in EPiServer.CMS.Core 9.9.0

#148328
May 10, 2016 10:56
This topic was created over six months ago and has been resolved. If you have a similar question, please create a new topic and refer to this one.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.