Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-4240

Searching Image Gallery doesnt account for permissions

    Details

    • Type: Bug
    • Status: Closed
    • Resolution: Fixed
    • Affects Version/s: 5.2.3
    • Fix Version/s: 6.0.0 Preview
    • Component/s: None
    • Labels:
      None
    • Environment:
      trunk, 5.2.x
    • Branch Version/s:
      5.2.x
    • Backported to Branch:
      Committed

      Description

      when doing a search on the message boards, the search will not add the roleId to the query. from my email to dev-support on July 16th:

      ------------------------------------------------------------------
      Im doing some dev for the search and noticed that for the search results, we add permission logic in the query so that we only get search results which we have permission to see. This is good, but seems to only be done for Blogs, Bookmarks, Calendar.. etc. but NOT Message Boards, Web Content and Image Gallery. Is there a reason for this?

      Blogs
      in BLogsEntryLocalServiceImpl.search(
      long companyId, long groupId, long userId, long ownerUserId,
      String keywords, int start, int end)
      throws SystemException {

      return SearchEngineUtil.search(
      companyId, groupId, userId, BlogsEntry.class.getName(),
      fullQuery, start, end);

      it passes the userId to the SearchEngineUtil.. but not in the others.. see below:

      Web Content:
      in JournalArticleLocalServiceImpl.search(
      long companyId, long groupId, String keywords, Sort[] sorts,
      int start, int end)
      throws SystemException {

      return SearchEngineUtil.search(
      companyId, fullQuery, sorts, start, end);

      AND

      Message Boards:

      in MBCategoryLocalServiceImpl.search(
      long companyId, long groupId, long[] categoryIds, long threadId,
      String keywords, int start, int end)

      ...
      return SearchEngineUtil.search(companyId, fullQuery, start, end);

      AND

      in IGFolderLocalServiceImpl.search(
      long companyId, long groupId, long[] folderIds, String keywords,
      int start, int end)
      throws SystemException {
      ...
      return SearchEngineUtil.search(companyId, fullQuery, start, end);

      (notice that the userId is never passed to SearchEngineUtil.. and therefore the SearchPermissionCheckerImpl is never called.

      changing this so that the search results return viewable results would mean that we would have to pass in the userId and therefore change the method signatures. is this a bug or intentional? and if intentional.. anyone know why?
      ------------------------------------------------------------------

      from bruno:
      I didn't know that, it should work the same way as DLFolder.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              wesley.gong Wesley Gong
              Reporter:
              scott.lee Scott Lee
              Participants of an Issue:
              Recent user:
              Esther Sanz
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                11 years, 28 weeks, 1 day ago

                  Packages

                  Version Package
                  6.0.0 Preview