From 238448f7b53a10799d77cbaf9788fa18cc4d4334 Mon Sep 17 00:00:00 2001
From: Mark Rogers <mark.rogers@alfresco.com>
Date: Sat, 20 Sep 2014 10:22:30 +0000
Subject: [PATCH] Merged HEAD-BUG-FIX (5.0/Cloud) to HEAD (5.0/Cloud)    85023:
 Merged PLATFORM1 (5.0/Cloud) to HEAD-BUG-FIX (5.0/Cloud)       84171:
 ACE-1692: system property security.anyDenyDenies is respected by
 AbstractQParser (when SolrQueryHTTPClient sends authority filter in json)

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@85338 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 .../Search/solr4/solr-search-context.xml           |  1 +
 .../repo/search/impl/solr/SolrQueryHTTPClient.java | 14 ++++++++++++++
 2 files changed, 15 insertions(+)

diff --git a/config/alfresco/subsystems/Search/solr4/solr-search-context.xml b/config/alfresco/subsystems/Search/solr4/solr-search-context.xml
index 9c5c73c8cf..64b16fd590 100644
--- a/config/alfresco/subsystems/Search/solr4/solr-search-context.xml
+++ b/config/alfresco/subsystems/Search/solr4/solr-search-context.xml
@@ -66,6 +66,7 @@
         <property name="maximumResultsFromUnlimitedQuery">
             <value>${solr.query.maximumResultsFromUnlimitedQuery}</value>
         </property>
+        <property name="anyDenyDenies" value="${security.anyDenyDenies}"/>
     </bean>
     
     
diff --git a/source/java/org/alfresco/repo/search/impl/solr/SolrQueryHTTPClient.java b/source/java/org/alfresco/repo/search/impl/solr/SolrQueryHTTPClient.java
index 023d73a7a9..b9cd3c834c 100644
--- a/source/java/org/alfresco/repo/search/impl/solr/SolrQueryHTTPClient.java
+++ b/source/java/org/alfresco/repo/search/impl/solr/SolrQueryHTTPClient.java
@@ -116,6 +116,8 @@ public class SolrQueryHTTPClient implements BeanFactoryAware
     private boolean includeGroupsForRoleAdmin = false;
     
     private int maximumResultsFromUnlimitedQuery = Integer.MAX_VALUE;
+
+    private boolean anyDenyDenies;
 	
     public static final int DEFAULT_SAVEPOST_BUFFER = 4096;
 
@@ -208,6 +210,17 @@ public class SolrQueryHTTPClient implements BeanFactoryAware
         this.maximumResultsFromUnlimitedQuery = maximumResultsFromUnlimitedQuery;
     }
 
+    /**
+     * When set, a single DENIED ACL entry for any authority will result in
+     * access being denied as a whole. See system property {@code security.anyDenyDenies}
+     * 
+     * @param anyDenyDenies
+     */
+    public void setAnyDenyDenies(boolean anyDenyDenies)
+    {
+        this.anyDenyDenies = anyDenyDenies;
+    }
+
     /**
      * Executes a solr query for statistics
      * 
@@ -443,6 +456,7 @@ public class SolrQueryHTTPClient implements BeanFactoryAware
                 }
             }
             body.put("authorities", authorities);
+            body.put("anyDenyDenies", anyDenyDenies);
             
             JSONArray tenants = new JSONArray();
             tenants.put(tenantService.getCurrentUserDomain());