topic Search API and permissions in Alfresco Forum

Search API and permissions

MartinTichovsky — Thu, 30 Apr 2020 13:16:21 GMT

Hello,

i have problem with search API. When i as regular user call this query

{
    "include":["properties"],
    "paging":{
        "maxItems":10,
        "skipCount":0
    },
    "query":{
        "language":"afts",
        "query": "PATH:'/app:company_home/st:sites/cm:Test/cm:documentLibrary//*'"
    }
}

It returns 5 files, which i can see, i have permission on them, but problem is, when someone remove permission from one file, then within next call i will get 403 response. Until SOLR is no't reindexed. This is from my point of view unexpected behaviour. Can i exclude files, which i can't see from results? I know why this is happening, because of SOLR reindex process, which is, he still see 5 files, but when he is trying to return files properties will fail, beacause i don't have permission anymore. My question is, how can i solve this problem?

Thanks

Re: Search API and permissions

afaust — Thu, 30 Apr 2020 18:00:02 GMT

Can you check your Alfresco alfresco-global.properties for any value set for the security.anyDenyDenies? This value should be set to true (default value if not set in your alfresco-global.properties) and should apply cause post-filtering to be applied to any results from SOLR, so these nodes that you can't access because of changed and as-of-yet unindexed ACLs should be filtered out before any attempt to write their metadata is made. They would have had to consciously / deliberately work around this to mess it up in the v1 ReST API.

Re: Search API and permissions

MartinTichovsky — Fri, 01 May 2020 07:02:24 GMT

Unfortunately it not works, i tryed set the security.anyDenyDenies to false or true, i tryed both, and still getting response "framework.exception.PermissionDenied".