topic Re: AuthorityService, SearchService and document ownership in Alfresco Archive

AuthorityService, SearchService and document ownership

marco_altieri — Fri, 18 Feb 2011 06:52:38 GMT

Hi,if a user has the ownership of a document (inside a Share document library) he can modify it even if he doesn't belong to the site anymore.This is considered a security issue by a client.To solve this problem, I'm trying to develop a custom AuthorityService that intercepts the removing of a user

Re: AuthorityService, SearchService and document ownership

marco_altieri — Wed, 23 Feb 2011 18:49:27 GMT

I found the solution: it's necessary to verify the permission of each node that lucene returns.


if (permissionService.hasPermission(nodeRef, PermissionService.READ) == AccessStatus.ALLOWED) {
   /* This is a valid nodeRef */
}
else {
   /* the user cannot access this node */
}
‍‍‍‍‍‍‍‍