  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-18701

Error in SearchPermissionCheckerImpl.java

Details

    Description

      Hello,

      We're having big problems with the Search portlet, and I'm trying to summarize them clearly here.

      The net result of these problems is:

      1. When searching "Everything", groupRoleId is always missing -> ONLY content with Guest visibility is found
      2. Searching "This Community" works, but searching "This Organization" also returns only Guest viewable content

      The problem is that when using the Search portlet, the generated search Query does not include groupRoleId terms which are necessary to find content which is not viewable to Guest. The below code is copied from SearchPermissionCheckerImpl.doGetPermissionQuery_5(..), but from what I can tell the same applies to ..._6.

      Code from SearchPermissionCheckerImpl.java#doGetPermissionQuery_5(...)
      // ...
      
      PermissionCheckerBag bag = getUserBag(userId);
      
      List<Group> groups = new ArrayList<Group>();
      List<Role> roles = bag.getRoles();
      List<UserGroupRole> userGroupRoles = new ArrayList<UserGroupRole>();
      
      
      if ((groupIds == null) || (groupIds.length == 0)) {
      
      /* 
       * When searching "Everything", groupId == 0L which makes groupIds an Array of length 1 so we don't
       * enter here. The statement should be
       * if (groupIds == null || groupIds.length == 0 || groupIds[0] == 0L) {
       */
      
        groups.addAll(
          GroupLocalServiceUtil.getUserGroups(userId, true));
        groups.addAll(bag.getGroups());
      
        userGroupRoles = UserGroupRoleLocalServiceUtil.getUserGroupRoles(userId);
      }
      else {
        for (long groupId : groupIds) {
      
      /* 
       * This method (GroupLocalServiceUtil.hasUserGroup) seems to return false even when groupId is that of an 
       * organization in which the user IS a member (it works correctly for Communities). (This is what happens when searching "Current Organization" 
       * with the Search portlet.) Thus groups ends up empty!!
       */
      
          if (GroupLocalServiceUtil.hasUserGroup(userId, groupId)) {
            Group group = GroupLocalServiceUtil.getGroup(groupId);
            groups.add(group);
          }
      
      /* 
       * These methods don't seem to account for implied roles (Org/Comm member etc), 
       * but only for "physically persisted" ones. Probably by design though?
       */
          userGroupRoles.addAll(
            UserGroupRoleLocalServiceUtil.getUserGroupRoles(
              userId, groupId));
          userGroupRoles.addAll(
            UserGroupRoleLocalServiceUtil.
              getUserGroupRolesByUserUserGroupAndGroup(userId, groupId));
        }
      }
      
      // ...
      
      /*
       * Farther down in this method we encounter the following, EXTREMELY IMPORTANT, piece of code.
       * The catch is that if groups is empty, which it often is (wrongly in my opinion), no groupRoleId:s
       * are included in the search query.
       */

      for (Group group : groups) {
        addRequiredMemberRole(group, permissionQuery);
      }
      
      

      In summary:

      1. The if statement is wrong and does not properly handle the case of an Array of long of length 1 whose only element is 0L, which means that we often go into the else block even when we don't intend to (since e.g. the Search portlet explicitly passes groupId:0).
      2. Since the groups from PermissionCheckerBag.getGroups() are not included when searching "Everything", we miss them
      3. GroupLocalServiceUtil.hasUserGroup(...) doesn't work correctly for Organizations
      4. If all necessary groupIds are not in groups by the time we do addRequiredMemberRole(...), the user will not get all the hits which he has the rights to see.

      Attachments

        1. john_c_everything.png (61 kB)
        2. john_c_this.png (49 kB)
        3. john_o_everything.png (58 kB)
        4. john_o_this.png (47 kB)
        5. search_current_organization.png (17 kB)
        6. search_everything.png (21 kB)

          People

            ryan.wan Ryan Wan (Inactive)
            carlson.gustav Gustav Carlson (Inactive)
            Kiyoshi Lee Kiyoshi Lee

            Dates

              Created:
              Updated:
              Resolved:
              11 years, 32 weeks, 3 days ago

              Packages

                Version Package
                --Sprint 12/11
                6.1.0 CE RC1
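
The branch selection described in the issue, as an added example that is not part of the original report and is not Liferay code: a self-contained in-memory model (Java 9+) comparing the current check with the condition the reporter proposes. The class name, the ids, the membership maps and the treatZeroAsAll flag are hypothetical, and the direct-only hasUserGroup stand-in is an assumption that mirrors the behaviour the reporter observed for organizations.

```java
import java.util.*;

public class GroupScopeModel {
    // Constructed data: user 10 is a direct member of community group 100 and
    // reaches organization group 200 only through organization membership.
    static final Map<Long, Set<Long>> DIRECT = Map.of(10L, Set.of(100L));
    static final Map<Long, Set<Long>> VIA_ORG = Map.of(10L, Set.of(200L));

    // Stand-in for the per-group check; assumed to see direct memberships only.
    static boolean hasUserGroup(long userId, long groupId) {
        return DIRECT.getOrDefault(userId, Set.of()).contains(groupId);
    }

    // Stand-in for the "all of the user's groups" branch (user groups plus bag groups).
    static Set<Long> allUserGroups(long userId) {
        Set<Long> all = new TreeSet<Long>(DIRECT.getOrDefault(userId, Set.of()));
        all.addAll(VIA_ORG.getOrDefault(userId, Set.of()));
        return all;
    }

    // Groups that would each contribute a member-role term to the permission query.
    // treatZeroAsAll=false models the current check, true the reporter's proposed one.
    static Set<Long> groupsForQuery(long userId, long[] groupIds, boolean treatZeroAsAll) {
        boolean searchAll = groupIds == null || groupIds.length == 0
            || (treatZeroAsAll && groupIds[0] == 0L);
        if (searchAll) {
            return allUserGroups(userId);
        }
        Set<Long> groups = new TreeSet<Long>();
        for (long groupId : groupIds) {
            if (hasUserGroup(userId, groupId)) {
                groups.add(groupId);
            }
        }
        return groups;
    }

    public static void main(String[] args) {
        long[] everything = {0L};     // what the Search portlet passes for "Everything"
        long[] thisOrg = {200L};      // "This Organization"
        System.out.println("Everything, current check:  " + groupsForQuery(10L, everything, false));
        System.out.println("Everything, proposed check: " + groupsForQuery(10L, everything, true));
        System.out.println("This Organization:          " + groupsForQuery(10L, thisOrg, true));
    }
}
```

An empty set in the output corresponds to a query with no group member-role terms, which is the Guest-only result the report describes; the proposed condition changes the "Everything" case but not the organization case, which depends on the membership check itself.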