Using Commerce Kickstart and Aegir, and Drupal 7.38. My customer complained today that she's been unable to post pictures or display a particular view. She is logged in with the "administrator" role, selects a view that is role permitted (administrator), and Drupal seems to redirect the query to the anonymous user, which fails with "Access Denied" message. The logs indicate that the issue is the "anonymous" that fails, even though she's logging in as "administrator".

We can duplicate this problem whether it's user 1 or a user assigned the "administrator" role.

1) I can change the view permissions to allow anyone with permission to view content, and the view works (anonymous user can 'view content"). If i change permissions to "administer content" or to a specific role, like "administrator" or "editor", the view fails as above. So, permissions based processes appear to be failing.

2) Flush Cache from the administrator menu fails as above. Flush Cache from Configuration >> Development >> Performance does NOT fail. The problem persists after flushing cache, so it's not a cache issue.

3) IMCE fails too, whether attempting to "File Browse" from the user's login screen or while adding content (selecting the image icon from the WYSISYG screen).

Adding content does not fail. This problem cropped up about 10 days ago, and there has been no system maintenance, no Drupal or module updates, although my customer is maintaining the site herself. We've looked for cookie problems, and there don't appear to be any. The problem exists for existing daily users as well as for myself, my tech, with new launches in Safari and Firefox.

Stumped and would appreciate any insight anyone could provide. We're going to compare file content, but there are 270 files, so its daunting. The site has been working fine for 6 months.

Comments

dwork created an issue. See original summary.

cilefen’s picture

cilefen CreditAttribution: cilefen commented

Does the view have any specific permissions set in its configuration?

dwork’s picture

dwork CreditAttribution: dwork commented

Yes, if the view is specified with Role Permissions (e.g. Administrator and/or Editor), it fails. If the view is specified with Permissions such as "Administer Content", it falls. If the view is specified with more general Permissions such as "View Content", it does NOT fail.

Also, if I login as User 1 (Administrator) and select content, and select content such as Article or Page, the article/page displays but it does not display with editable permissions. I don't even know where to look to problem solve this.

This appears to be a Secure Pages module problem. When I disable Secure Pages, none of the anonymous redirects occur, IMC works, Flush Cache works, etc. I'm closing this issue for now and may move it to the Secure Pages issues.

dwork’s picture

dwork CreditAttribution: dwork commented
Project: Drupal core » Secure Pages
Version: 7.38 » 7.x-1.0-beta2
Component: base system » Code