Merged HEAD-BUG-FIX (5.0/Cloud) to HEAD (5.0/Cloud)

85023: Merged PLATFORM1 (5.0/Cloud) to HEAD-BUG-FIX (5.0/Cloud) 84171: ACE-1692: system property security.anyDenyDenies is respected by AbstractQParser (when SolrQueryHTTPClient sends authority filter in json) git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@85338 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-07 17:49:17 +00:00 · 2014-09-20 10:22:30 +00:00
parent c4ee02ff38
commit 238448f7b5
2 changed files with 15 additions and 0 deletions
--- a/source/java/org/alfresco/repo/search/impl/solr/SolrQueryHTTPClient.java
+++ b/source/java/org/alfresco/repo/search/impl/solr/SolrQueryHTTPClient.java
@@ -116,6 +116,8 @@ public class SolrQueryHTTPClient implements BeanFactoryAware
    private boolean includeGroupsForRoleAdmin = false;
    
    private int maximumResultsFromUnlimitedQuery = Integer.MAX_VALUE;
+
+    private boolean anyDenyDenies;
 	
    public static final int DEFAULT_SAVEPOST_BUFFER = 4096;

@@ -208,6 +210,17 @@ public class SolrQueryHTTPClient implements BeanFactoryAware
        this.maximumResultsFromUnlimitedQuery = maximumResultsFromUnlimitedQuery;
    }

+    /**
+     * When set, a single DENIED ACL entry for any authority will result in
+     * access being denied as a whole. See system property {@code security.anyDenyDenies}
+     * 
+     * @param anyDenyDenies
+     */
+    public void setAnyDenyDenies(boolean anyDenyDenies)
+    {
+        this.anyDenyDenies = anyDenyDenies;
+    }
+
    /**
     * Executes a solr query for statistics
     * 
@@ -443,6 +456,7 @@ public class SolrQueryHTTPClient implements BeanFactoryAware
                }
            }
            body.put("authorities", authorities);
+            body.put("anyDenyDenies", anyDenyDenies);
            
            JSONArray tenants = new JSONArray();
            tenants.put(tenantService.getCurrentUserDomain());