Fix for ALF-20318 Metadata query does not enforce security using SOLR and NOINDEX

- unit test only covers the lucene sub-system in the build git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@56666 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2025-08-07 17:49:17 +00:00 · 2013-10-14 20:20:48 +00:00
parent 53bdfb6e2a
commit 84d0fe27bc
4 changed files with 59 additions and 12 deletions
--- a/source/java/org/alfresco/repo/security/permissions/impl/acegi/ACLEntryAfterInvocationProvider.java
+++ b/source/java/org/alfresco/repo/security/permissions/impl/acegi/ACLEntryAfterInvocationProvider.java
@@ -500,6 +500,11 @@ public class ACLEntryAfterInvocationProvider implements AfterInvocationProvider,

    {
        ResultSet raw = returnedObject.getWrapped();
+        // Check for nested evaluation FilteringResultSet is only wrapped here
+        if(raw instanceof FilteringResultSet)
+        {
+            return returnedObject;
+        }
        ResultSet filteredForPermissions = decide(authentication, object, config, raw);
        PagingLuceneResultSet newPaging = new PagingLuceneResultSet(filteredForPermissions, returnedObject.getResultSetMetaData().getSearchParameters(), nodeService);
        return newPaging;