Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Restricted access to getTargetAssocsByPropertyValue

scrasun
Champ in-the-making
Champ in-the-making

‎09-25-2019 08:08 AM

Hi,

Using the capitalised NodeService bean, nodeService.getTargetAssocsByPropertyValue can only be run by the system user. This is due to the bean id="NodeService_security" in alfresco-repository/src/main/resources/alfresco/public-services-security-context.xml , in which there is no entry for this method so it defaults to ACL_DENY, preventing access.

Considering that similar methods (e.g. getChildAssocsByPropertyValue) have entries, it seems as though this might be a mistake/bug, unless there is some specific reason that this method should not be used?

Does anyone know anything about this?

Thanks,
Sam Cheshire

Labels:
0 Kudos
1 REPLY 1

afaust
Legendary Innovator
Legendary Innovator

‎09-25-2019 10:13 AM

This is most definitely a bug / massive oversight in development + testing by Alfresco. It is unfortunately not that uncommon, as I have had to report various methods with missing security configurations myself in the past.

0 Kudos
Getting started

Explore our Alfresco products with the links below. Use labels to filter content by product module.

Copyright © 2024 Khoros, LLC