Details
-
Bug
-
Resolution: Fixed
-
Major
-
2.3 RC1, 2.2.5
-
None
-
Red Hat Enterprise Linux ES release 4 (Nahant Update 8)
Java(TM) SE Runtime Environment (build 1.6.0_18-b07)
Apache Tomcat 5.5.28
-
Unit
-
Unknown
-
Description
I have one user on main xwiki that watches all changes on a subwiki and on main wiki. The XWiki.Admin user also watches all events on main wiki and subwiki. I change Sandbox on main wiki and Sandbox on subwiki. Then I go to Scheduler and trigger hourly job.
The XWiki.Admin user receives a notification on both events while the other user only gets notification on event on main wiki.
I switched the xwiki-plugin-watchlist.jar with another one that prints a lot of debug info. The new JAR prints the list of raw events that WatchListEventMatcher gets in its constructor and the lists of matches events per subscriber in getMatchingEvents.
I observed that both events were processed but for the user the event on subwiki was discarded. After a few more debugging I discovered that the event was discarded because permission by the check context.getWiki().getRightService().hasAccessLevel("view", userName, event.getPrefixedFullName(), context). I enabled log for right service and got access denied messages to resource because "(restricting right was found)".
The I double checked permissions for that user. Only if I grant "view" permissions for user on the page the event gets added to matching list.