MNT-22385 Cmis query GetTotalNumItems is returning wrong value (#504)

* Changes made to correct the value of totalItems when performing a TMDQ * Fixes after review - Slight change was made to NodePermissionAssessor to log when permission limits are exceeded * Now pre-computing maxPermissionChecks value as per review suggestion
2025-07-31 17:39:05 +00:00 · 2021-05-28 09:16:38 +01:00
parent 0e55290c57
commit cb636d1140
5 changed files with 67 additions and 19 deletions
--- a/repository/src/main/java/org/alfresco/repo/search/impl/querymodel/impl/db/DBQueryEngine.java
+++ b/repository/src/main/java/org/alfresco/repo/search/impl/querymodel/impl/db/DBQueryEngine.java
@@ -112,6 +112,8 @@ public class DBQueryEngine implements QueryEngine
    
    private long maxPermissionCheckTimeMillis;

+    private boolean maxPermissionCheckEnabled;
+
    protected EntityLookupCache<Long, Node, NodeRef> nodesCache;

    private List<Pair<Long, StoreRef>> stores;
@@ -122,7 +124,7 @@ public class DBQueryEngine implements QueryEngine
    {
        this.aclCrudDAO = aclCrudDAO;
    }
-    
+
    public void setMaxPermissionChecks(int maxPermissionChecks)
    {
        this.maxPermissionChecks = maxPermissionChecks;
@@ -132,6 +134,11 @@ public class DBQueryEngine implements QueryEngine
    {
        this.maxPermissionCheckTimeMillis = maxPermissionCheckTimeMillis;
    }
+    
+    public void setMaxPermissionCheckEnabled(boolean maxPermissionCheckEnabled)
+    {
+        this.maxPermissionCheckEnabled = maxPermissionCheckEnabled;
+    }

    public void setTemplate(SqlSessionTemplate template)
    {
@@ -329,13 +336,7 @@ public class DBQueryEngine implements QueryEngine
            @Override
            public void handleResult(ResultContext<? extends Node> context)
            {
-                doHandleResult(permissionAssessor, nodes, requiredNodes, context);
-            }
-            
-            private void doHandleResult(NodePermissionAssessor permissionAssessor, List<Node> nodes,
-                                        int requiredNodes, ResultContext<? extends Node> context)
-            {
-                if (nodes.size() >= requiredNodes)
+                if (!maxPermissionCheckEnabled && nodes.size() >= requiredNodes)
                {
                    context.stop();
                    return;
@@ -344,7 +345,7 @@ public class DBQueryEngine implements QueryEngine
                Node node = context.getResultObject();
                addStoreInfo(node);
                
-                boolean shouldCache = nodes.size() >= options.getSkipCount();
+                boolean shouldCache = shouldCache(options, nodes, requiredNodes);
                if(shouldCache)
                {
                    logger.debug("- selected node "+nodes.size()+": "+node.getUuid()+" "+node.getId());
@@ -357,7 +358,14 @@ public class DBQueryEngine implements QueryEngine
                
                if (permissionAssessor.isIncluded(node))
                {
-                    nodes.add(shouldCache ? node : null);
+                    if (nodes.size() > requiredNodes)
+                    {
+                        nodes.add(node);
+                    }
+                    else
+                    {
+                        nodes.add(shouldCache ? node : null);
+                    }
                }
                
                if (permissionAssessor.shouldQuitChecks())
@@ -366,6 +374,18 @@ public class DBQueryEngine implements QueryEngine
                    return;
                }
            }
+
+            private boolean shouldCache(QueryOptions options, List<Node> nodes, int requiredNodes)
+            {
+                if (nodes.size() > requiredNodes)
+                {
+                    return false;
+                }
+                else
+                {
+                    return nodes.size() >= options.getSkipCount();
+                }
+            }
        });

        int numberFound = nodes.size();
--- a/repository/src/main/java/org/alfresco/repo/search/impl/querymodel/impl/db/NodePermissionAssessor.java
+++ b/repository/src/main/java/org/alfresco/repo/search/impl/querymodel/impl/db/NodePermissionAssessor.java
@@ -41,9 +41,13 @@ import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
 import org.alfresco.service.cmr.security.PermissionService;
 import org.alfresco.service.namespace.QName;
 import org.alfresco.util.EqualsHelper;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;

 public class NodePermissionAssessor
 {
+    protected static final Log logger = LogFactory.getLog(NodePermissionAssessor.class);
+
    private final boolean isSystemReading;
    private final boolean isAdminReading;
    private final boolean isNullReading;
@@ -138,24 +142,31 @@ public class NodePermissionAssessor

    public void setMaxPermissionChecks(int maxPermissionChecks)
    {
-        this.maxPermissionChecks = maxPermissionChecks;
+        if (maxPermissionChecks == Integer.MAX_VALUE)
+        {
+            this.maxPermissionChecks = maxPermissionChecks;
+        }
+        else
+        {
+            this.maxPermissionChecks = maxPermissionChecks + 1;
+        }
    }
    
    public boolean shouldQuitChecks()
    {
-        boolean result = false;
-        
        if (checksPerformed >= maxPermissionChecks)
        {
-            result = true;
+            logger.warn("Maximum permission checks exceeded (" + maxPermissionChecks + ")");
+            return true;
        }
-        
+
        if ((System.currentTimeMillis() - startTime) >= maxPermissionCheckTimeMillis)
        {
-            result = true;
+            logger.warn("Maximum permission checks time exceeded (" + maxPermissionCheckTimeMillis + ")");
+            return true;
        }
-        
-        return result;
+
+        return false;
    }

    public void setMaxPermissionCheckTimeMillis(long maxPermissionCheckTimeMillis)
--- a/repository/src/main/resources/alfresco/repository.properties
+++ b/repository/src/main/resources/alfresco/repository.properties
@@ -153,6 +153,7 @@ system.cache.parentAssocs.limitFactor=8
 system.acl.maxPermissionCheckTimeMillis=10000
 # The maximum number of search results to perform permission checks against
 system.acl.maxPermissionChecks=1000
+system.acl.maxPermissionCheckEnabled=false

 # The maximum number of filefolder list results
 system.filefolderservice.defaultListMaxResults=5000
--- a/repository/src/main/resources/alfresco/subsystems/Search/common-search-context.xml
+++ b/repository/src/main/resources/alfresco/subsystems/Search/common-search-context.xml
@@ -126,6 +126,9 @@
        <property name="maxPermissionCheckTimeMillis">
        	<value>${system.acl.maxPermissionCheckTimeMillis}</value>
        </property>
+        <property name="maxPermissionCheckEnabled">
+            <value>${system.acl.maxPermissionCheckEnabled}</value>
+        </property>
    </bean>
   
   <bean id="search.dbQueryEngine" class="org.springframework.aop.framework.ProxyFactoryBean">
--- a/repository/src/test/java/org/alfresco/repo/search/impl/querymodel/impl/db/DBQueryEngineTest.java
+++ b/repository/src/test/java/org/alfresco/repo/search/impl/querymodel/impl/db/DBQueryEngineTest.java
@@ -167,7 +167,20 @@ public class DBQueryEngineTest
        assertNodePresent(6, result);
        assertNodePresent(7, result);
    }
-    
+
+    @Test
+    public void shouldResultSetLengthMatchTheAmountOfAllAccessibleNodesWhenMaxPermissionCheckEnabled()
+    {
+        withMaxItems(5);
+        prepareTemplate(dbQuery, createNodes(10));
+        when(assessor.isIncluded(any(Node.class))).thenReturn(true);
+
+        engine.setMaxPermissionCheckEnabled(true);
+        FilteringResultSet result = engine.acceleratedNodeSelection(options, dbQuery, assessor);
+
+        assertEquals(10, result.length());
+    }
+
    @Test
    public void shouldNotConsiderInaccessibleNodesInResultSetWhenSkippingNodes()
    {