Fix for ALF-20318 Metadata query does not enforce security using SOLR and NOINDEX

- unit test only covers the lucene sub-system in the build git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@56666 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-07 17:49:17 +00:00 · 2013-10-14 20:20:48 +00:00
parent 53bdfb6e2a
commit 84d0fe27bc
4 changed files with 59 additions and 12 deletions
--- a/source/java/org/alfresco/repo/security/permissions/impl/acegi/ACLEntryAfterInvocationProvider.java
+++ b/source/java/org/alfresco/repo/security/permissions/impl/acegi/ACLEntryAfterInvocationProvider.java
@@ -500,6 +500,11 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,

    {
        ResultSet raw = returnedObject.getWrapped();
+        // Check for nested evaluation FilteringResultSet is only wrapped here
+        if(raw instanceof FilteringResultSet)
+        {
+            return returnedObject;
+        }
        ResultSet filteredForPermissions = decide(authentication, object, config, raw);
        PagingLuceneResultSet newPaging = new PagingLuceneResultSet(filteredForPermissions, returnedObject.getResultSetMetaData().getSearchParameters(), nodeService);
        return newPaging;
--- a/source/test-java/org/alfresco/repo/search/SearchServiceTest.java
+++ b/source/test-java/org/alfresco/repo/search/SearchServiceTest.java
@@ -123,30 +123,30 @@ public class SearchServiceTest extends TestCase
        rootNodeRef = nodeService.getRootNode(storeRef);

        n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{test}01"),
-                ContentModel.TYPE_CONTAINER).getChildRef();
+                ContentModel.TYPE_FOLDER).getChildRef();
        pubPermissionService.setPermission(n1, "andy", "Read", true);
        n2 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{test}02"),
-                ContentModel.TYPE_CONTAINER).getChildRef();
+                ContentModel.TYPE_FOLDER).getChildRef();
        pubPermissionService.setPermission(n2, "andy", "Read", true);
        n3 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{test}03"),
-                ContentModel.TYPE_CONTAINER).getChildRef();
+                ContentModel.TYPE_FOLDER).getChildRef();
        pubPermissionService.setPermission(n3, "andy", "Read", true);
        n4 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{test}04"),
-                ContentModel.TYPE_CONTAINER).getChildRef();
+                ContentModel.TYPE_FOLDER).getChildRef();
        pubPermissionService.setPermission(n4, "andy", "Read", true);
        n5 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{test}05"),
-                ContentModel.TYPE_CONTAINER).getChildRef();
+                ContentModel.TYPE_FOLDER).getChildRef();
        pubPermissionService.setPermission(n5, "andy", "Read", true);
        n6 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{test}06"),
-                ContentModel.TYPE_CONTAINER).getChildRef();
+                ContentModel.TYPE_FOLDER).getChildRef();
        n7 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{test}07"),
-                ContentModel.TYPE_CONTAINER).getChildRef();
+                ContentModel.TYPE_FOLDER).getChildRef();
        n8 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{test}08"),
-                ContentModel.TYPE_CONTAINER).getChildRef();
+                ContentModel.TYPE_FOLDER).getChildRef();
        n9 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{test}09"),
-                ContentModel.TYPE_CONTAINER).getChildRef();
+                ContentModel.TYPE_FOLDER).getChildRef();
        n10 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{test}10"),
-                ContentModel.TYPE_CONTAINER).getChildRef();
+                ContentModel.TYPE_FOLDER).getChildRef();

    }

@@ -259,4 +259,19 @@ public class SearchServiceTest extends TestCase
        assertEquals(results.getResultSetMetaData().getPermissionEvaluationMode(), PermissionEvaluationMode.EAGER);
        results.close();
    }
+    
+    public void testAndyCMIS()
+    {
+        authenticationComponent.setCurrentUser("andy");
+        SearchParameters sp = new SearchParameters();
+        sp.setLanguage(SearchService.LANGUAGE_CMIS_ALFRESCO);
+        sp.setQuery("select * from cmis:folder");
+        sp.addStore(rootNodeRef.getStoreRef());
+        ResultSet results = pubSearchService.query(sp);
+        assertEquals(results.length(), 5);
+        assertNotNull(results.getResultSetMetaData());
+        assertEquals(results.getResultSetMetaData().getLimitedBy(), LimitBy.UNLIMITED);
+        assertEquals(results.getResultSetMetaData().getPermissionEvaluationMode(), PermissionEvaluationMode.EAGER);
+        results.close();
+    }
 }