Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How does the search result filtering work ?

zengqingyi12
Champ in-the-making
Champ in-the-making

‎12-08-2010 10:03 PM

I find configuration below in alfresco:

    <!– All search results are filtered to exclude nodes that the current user can not        –>
    <!– read. Other methods restrict queries to those nodes the user can read                 –>

    <bean id="SearchService_security" class="org.alfresco.repo.security.permissions.impl.acegi.MethodSecurityInterceptor">
        <property name="authenticationManager"><ref bean="authenticationManager"/></property>
        <property name="accessDecisionManager"><ref local="accessDecisionManager"/></property>
        <property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
        <property name="objectDefinitionSource">
            <value>
                org.alfresco.service.cmr.search.SearchService.query=ACL_ALLOW,AFTER_ACL_NODE.sys:base.Read
                org.alfresco.service.cmr.search.SearchService.selectNodes=ACL_ALLOW,AFTER_ACL_NODE.sys:base.Read
                org.alfresco.service.cmr.search.SearchService.selectProperties=ACL_NODE.0.sys:base.Read
                org.alfresco.service.cmr.search.SearchService.contains=ACL_NODE.0.sys:base.Read
                org.alfresco.service.cmr.search.SearchService.like=ACL_NODE.0.sys:base.Read
                org.alfresco.service.cmr.search.SearchService.*=ACL_DENY
            </value>
        </property>
    </bean>
But after I navigate to MethodSecurityInterceptor.java, it seems that it only check if current user have the permission to call "query" method, but not filter all the nodes in search result.
Can someone tell me where does the filtering work ? In which class ?

Thanks in advance !
Labels:
0 Kudos
1 REPLY 1

ribz33
Champ on-the-rise
Champ on-the-rise

‎01-13-2011 06:45 AM

I'm not sure, this need to be confirm by alfresco team but i think that lucene search retrieve node without take security.
After for each node returned, Alfresco applies security : it checks static and dynamic rights.

If I'm right, lucene can found 200 nodes but when you display it to user you see only 10 nodes for instance.
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC