-
Type:
Bug
-
Status: Closed
-
Resolution: Fixed
-
Affects Version/s: Master
-
Fix Version/s: 7.1.10 DXP FP18, 7.1.10.5 SP5, 7.1.X, 7.2.10 DXP FP6, 7.2.X, 7.3.3 CE GA4, 7.3.10 DXP GA1, Master
-
Component/s: Headless Delivery API
-
Branch Version/s:7.2.x, 7.1.x
-
Backported to Branch:Committed
-
Fix Priority:4
Investigated (ping Javier Gamarra) and asked Search team and Lima team.
Looks like it has worked in the past because Elasticsearch permissions are purposely disabled for that endpoint. But that approach is useless, permission changes are not easy to track or revert.
> I’m trying to search for Comments (indexed, backed by MBMessage with discussion to true) with an user that is not a company admin (those work fine) and failing miserably… JSPs don’t use Elasticsearch. They are public (and I haven’t found a related permission)… permission fields are not indexed for comments (they are for the other MBMessages) because they don’t have a ResourcePermission entry and if I set searchPermissionContext to Blank, results get filtered because all hasPermissions fail (error of trying to circunvent PermissionChecker)
- causes
-
COMMERCE-4016 Commerce headless modules fail at runtime due to SearchUtil$SearchContext
-
- Closed
-