diff --git a/config/alfresco/subsystems/Search/solr4/solr-search-context.xml b/config/alfresco/subsystems/Search/solr4/solr-search-context.xml
index 9c5c73c8cf..64b16fd590 100644
--- a/config/alfresco/subsystems/Search/solr4/solr-search-context.xml
+++ b/config/alfresco/subsystems/Search/solr4/solr-search-context.xml
@@ -66,6 +66,7 @@
${solr.query.maximumResultsFromUnlimitedQuery}
+
diff --git a/source/java/org/alfresco/repo/search/impl/solr/SolrQueryHTTPClient.java b/source/java/org/alfresco/repo/search/impl/solr/SolrQueryHTTPClient.java
index 023d73a7a9..b9cd3c834c 100644
--- a/source/java/org/alfresco/repo/search/impl/solr/SolrQueryHTTPClient.java
+++ b/source/java/org/alfresco/repo/search/impl/solr/SolrQueryHTTPClient.java
@@ -116,6 +116,8 @@ public class SolrQueryHTTPClient implements BeanFactoryAware
private boolean includeGroupsForRoleAdmin = false;
private int maximumResultsFromUnlimitedQuery = Integer.MAX_VALUE;
+
+ private boolean anyDenyDenies;
public static final int DEFAULT_SAVEPOST_BUFFER = 4096;
@@ -208,6 +210,17 @@ public class SolrQueryHTTPClient implements BeanFactoryAware
this.maximumResultsFromUnlimitedQuery = maximumResultsFromUnlimitedQuery;
}
+ /**
+ * When set, a single DENIED ACL entry for any authority will result in
+ * access being denied as a whole. See system property {@code security.anyDenyDenies}
+ *
+ * @param anyDenyDenies
+ */
+ public void setAnyDenyDenies(boolean anyDenyDenies)
+ {
+ this.anyDenyDenies = anyDenyDenies;
+ }
+
/**
* Executes a solr query for statistics
*
@@ -443,6 +456,7 @@ public class SolrQueryHTTPClient implements BeanFactoryAware
}
}
body.put("authorities", authorities);
+ body.put("anyDenyDenies", anyDenyDenies);
JSONArray tenants = new JSONArray();
tenants.put(tenantService.getCurrentUserDomain());