inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-07 17:49:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged HEAD-BUG-FIX (5.0/Cloud) to HEAD (5.0/Cloud)

Browse Source 
85023: Merged PLATFORM1 (5.0/Cloud) to HEAD-BUG-FIX (5.0/Cloud)
      84171: ACE-1692: system property security.anyDenyDenies is respected by AbstractQParser (when SolrQueryHTTPClient sends authority filter in json)


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@85338 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Mark Rogers
2014-09-20 10:22:30 +00:00
parent c4ee02ff38
commit 238448f7b5
2 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
config/alfresco/subsystems/Search/solr4/solr-search-context.xml
View File

@@ -66,6 +66,7 @@
<property name="maximumResultsFromUnlimitedQuery"> <property name="maximumResultsFromUnlimitedQuery">
<value>${solr.query.maximumResultsFromUnlimitedQuery}</value> <value>${solr.query.maximumResultsFromUnlimitedQuery}</value>
</property> </property>
<property name="anyDenyDenies" value="${security.anyDenyDenies}"/>
</bean> </bean>

14
source/java/org/alfresco/repo/search/impl/solr/SolrQueryHTTPClient.java
View File

@@ -116,6 +116,8 @@ public class SolrQueryHTTPClient implements BeanFactoryAware
private boolean includeGroupsForRoleAdmin = false; private boolean includeGroupsForRoleAdmin = false;
private int maximumResultsFromUnlimitedQuery = Integer.MAX_VALUE; private int maximumResultsFromUnlimitedQuery = Integer.MAX_VALUE;
private boolean anyDenyDenies;
public static final int DEFAULT_SAVEPOST_BUFFER = 4096; public static final int DEFAULT_SAVEPOST_BUFFER = 4096;
@@ -208,6 +210,17 @@ public class SolrQueryHTTPClient implements BeanFactoryAware
this.maximumResultsFromUnlimitedQuery = maximumResultsFromUnlimitedQuery; this.maximumResultsFromUnlimitedQuery = maximumResultsFromUnlimitedQuery;
} }
/**
* When set, a single DENIED ACL entry for any authority will result in
* access being denied as a whole. See system property {@code security.anyDenyDenies}
*
* @param anyDenyDenies
*/
public void setAnyDenyDenies(boolean anyDenyDenies)
{
this.anyDenyDenies = anyDenyDenies;
}
/** /**
* Executes a solr query for statistics * Executes a solr query for statistics
* *
@@ -443,6 +456,7 @@ public class SolrQueryHTTPClient implements BeanFactoryAware
} }
} }
body.put("authorities", authorities); body.put("authorities", authorities);
body.put("anyDenyDenies", anyDenyDenies);
JSONArray tenants = new JSONArray(); JSONArray tenants = new JSONArray();
tenants.put(tenantService.getCurrentUserDomain()); tenants.put(tenantService.getCurrentUserDomain());