Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

node permissions not respected for search

tim-erwin
Champ in-the-making
Champ in-the-making

‎10-27-2014 05:47 AM

I have a webscript that does a search query like so:


params.addStore(StoreRef.STORE_REF_WORKSPACE_SPACESSTORE);
params.setQuery("a simple lucene query");
ResultSet result = this.searchService.query(params);


The search works great except that it does not respect the persmissions of the respective user. It returns items the user is not allowed to see. The description of the webscript is as follows:


<webscript>
   <shortname>Search the repository</shortname>
   <description></description>
   <url>/myPackage/search</url>
   <authentication>user</authentication>
   <transaction>none</transaction>
</webscript>


I checked the SOAP API which uses pretty much the same call

StoreRef storeRef = Utils.convertToStoreRef(store);
searchResults = searchService.query(storeRef, query.getLanguage(), statement);

There the permissions are checked. So this should not be a configuration issue.

How can I make the webscript respect the users' persmissions?
Labels:
0 Kudos
1 REPLY 1

afaust
Legendary Innovator
Legendary Innovator

‎10-27-2014 08:00 AM

Hello,

if you have a Java-backed web script, please keep in mind to always configure it using public service beans (e.g. beans called "SearchService" / "NodeService" with an upper-cased initial letter) in your Spring configuration XML files. Only those service beans will have the security mechanism attached while the private service beans (lower-cased initial letter) are the actual implementation.

Regards
Axel
Axel
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2024 Khoros, LLC