[LPS-4240] Searching Image Gallery doesnt account for permissions - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Resolution: Fixed
Affects Version/s: 5.2.3
Fix Version/s: 6.0.0 Preview
Component/s: None
Labels:
None
Environment:
trunk, 5.2.x

Branch Version/s:

5.2.x
Backported to Branch:

Committed

Description

when doing a search on the message boards, the search will not add the roleId to the query. from my email to dev-support on July 16th:

------------------------------------------------------------------
Im doing some dev for the search and noticed that for the search results, we add permission logic in the query so that we only get search results which we have permission to see. This is good, but seems to only be done for Blogs, Bookmarks, Calendar.. etc. but NOT Message Boards, Web Content and Image Gallery. Is there a reason for this?

Blogs
in BLogsEntryLocalServiceImpl.search(
long companyId, long groupId, long userId, long ownerUserId,
String keywords, int start, int end)
throws SystemException {

return SearchEngineUtil.search(
companyId, groupId, userId, BlogsEntry.class.getName(),
fullQuery, start, end);

it passes the userId to the SearchEngineUtil.. but not in the others.. see below:

Web Content:
in JournalArticleLocalServiceImpl.search(
long companyId, long groupId, String keywords, Sort[] sorts,
int start, int end)
throws SystemException {

return SearchEngineUtil.search(
companyId, fullQuery, sorts, start, end);

AND

Message Boards:

in MBCategoryLocalServiceImpl.search(
long companyId, long groupId, long[] categoryIds, long threadId,
String keywords, int start, int end)

...
return SearchEngineUtil.search(companyId, fullQuery, start, end);

AND

in IGFolderLocalServiceImpl.search(
long companyId, long groupId, long[] folderIds, String keywords,
int start, int end)
throws SystemException {
...
return SearchEngineUtil.search(companyId, fullQuery, start, end);

(notice that the userId is never passed to SearchEngineUtil.. and therefore the SearchPermissionCheckerImpl is never called.

changing this so that the search results return viewable results would mean that we would have to pass in the userId and therefore change the method signatures. is this a bug or intentional? and if intentional.. anyone know why?
------------------------------------------------------------------

from bruno:
I didn't know that, it should work the same way as DLFolder.

Attachments

Issue Links

is related to

LPS-4239 Searching Message Boards doesnt account for permissions

Closed

relates

LPE-1198 Searching image gallery does not account for permissions

Closed

LPS-4241 Searching Journal / Web Content doesnt account for permissions

Closed

Activity

People

Assignee:: Wesley Gong

Reporter:: Scott Lee

Participants of an Issue:: Scott Lee, Wesley Gong

Recent user:: Esther Sanz

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 22/Jul/09 1:57 PM

Updated:: 25/Jul/09 12:00 AM

Resolved:: 25/Jul/09 12:00 AM

Days since last comment:: 11 years, 28 weeks, 1 day ago

Packages

Version	Package
6.0.0 Preview