-
Type:
Bug
-
Status: Closed
-
Resolution: Fixed
-
Affects Version/s: 5.2.3
-
Fix Version/s: --Sprint 12/11, 6.1.0 CE RC1
-
Component/s: None
-
Labels:None
-
Environment:all
-
Branch Version/s:5.2.x
-
Liferay Contributor's Agreement:Accept
when we do searches, we currently send the query over to SearchPermissionCheckerImpl.java and it will modify the query to include the roleIds that the user has.
see code here:
protected void doAddPermissionFields_5(
long companyId, long groupId, String className, String classPK,
Document doc)
throws Exception {
Resource resource = ResourceLocalServiceUtil.getResource(
companyId, className, ResourceConstants.SCOPE_INDIVIDUAL,
classPK);
Group group = GroupLocalServiceUtil.getGroup(groupId);
List<Role> roles = ResourceActionsUtil.getRoles(group, className);
List<Long> roleIds = new ArrayList<Long>();
for (Role role : roles) {
long roleId = role.getRoleId();
if (hasPermission(roleId, resource.getResourceId()))
{ roleIds.add(roleId); }}
doc.addKeyword(
Field.ROLE_ID, roleIds.toArray(new Long[roleIds.size()]));
}
This works well when we are searching in a particular group (community / org) because the code will check to find out which roles you have for that particular groupId and add it to the query.
However, if you are searching across all communities / orgs (as is done when using the search portlet), the groupId is "0" and so no community roles are added to the query. This means that even if you have permission to view some content in a community.. it will not appear in the search results because you dont have those permissions.
What we should do is to add logic so that..
if (groupId == 0) {
// get a list of all groups that the user is associated with
// for each of those groups, get all roles that correspond to the user and the group..
}
else {
// get the roles associated with the selected groupId (the current behavior)
}
this way, the search will respect the permissions for each community.
Scott