Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-74782

JournalArticleServiceUtil.search doesn't work well when searching in all groups

    Details

      Description

      master/7.0.x: Already fixed as part of LPS-63181 (Technical Task) and LPS-69516 (partially committed to ee-6.2.x)


      groupId = 0 means "all groups" when passing to JournalArticleService.search, so it should return Web Contents from all Sites. For regular users, however, it doesn't return anything.

      Background
      The Javadoc of JournalArticleService.search writes about groupId parameter that "the primary key of the group (optionally 0)".

      JournalArticleFinderImpl handles 0 (or less) groupIds properly as follows

      if (groupId <= 0) {
      	sql = StringUtil.replace(
      		sql, "(JournalArticle.groupId = ?) AND", StringPool.BLANK);
      }
      

      and InlineSQLHelperImpl also has proper checks for groupId validity on master/7.0.x, but not on 6.2.x.

      Steps to reproduce:
      1. Deploy attached JournalSearch-portlet-6.2.10.1.war
      2. Add an open site : "Site A"
      3. Add a basic web content in site A
      4. Add a page with web content display this web content
      5. Add an open site : "Site B"
      6. Add a page with JournalSearch-portlet
      Checkpoint: Go to "Site A" and check the page with web content display
      => Web content appear
      Go to "Site B" and check JournalSearch-portlet
      => "Found 1 web content(s)" text appear

      7. Create a user : "User One"
      8. Add "User One" to "Site A" and "Site B"
      9. Connect with "User One"
      Checkpoint: Go to "Site A" and check the page with web content display
      => "User One" see web content because he has permission to see it

      10. Go to "Site B" and check JournalSearch-portlet
      Result: "Found 0 web content(s)" text appear
      Expected: "Found 1 web content(s)" text appear


      Technical Info
      The sample portlet does a service call like

      JournalArticleServiceUtil.search(
      			companyId, groupId, folderIds, classNameId, keywords, version,
      			ddmStructureKey, ddmTemplateKey, displayDateGT, displayDateLT, status,
      			reviewDate, start, end, obc);
      

      where groupId is 0 based on the JavaDoc of the related method and should return the JournalArticles when the fix is working.

      The problem is that the final SQL query will contain a block for inline-permission-check for regular users which looks like this before the fix:

      (...)
      		INNER JOIN ResourcePermission ON (ResourcePermission.companyId = 20155) AND (ResourcePermission.name = 'com.liferay.portlet.journal.model.JournalArticle') AND (ResourcePermission.scope = 4) AND (MOD(ResourcePermission.actionIds, 2) = 1) AND (ResourcePermission.roleId IN (20163)) AND 	
      		((ResourcePermission.primKey = CAST(JournalArticle.resourcePrimKey AS CHAR)) AND (JournalArticle.groupId = 0))
      (...)
      

      As this is a join with the JournalArticle table, no article records will be kept in the join due to the JournalArticle.groupId = 0 condition which will never be true.

        Attachments

        1. com.example.journal.search-1.0.0.jar
          6 kB
        2. fixed.png
          fixed.png
          9 kB
        3. JournalSearch.zip
          26 kB
        4. JournalSearch-portlet.zip
          46 kB
        5. JournalSearch-portlet-6.2.10.1.war
          37 kB

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Days since last comment:
                  1 year, 50 weeks ago

                  Packages

                  Version Package
                  6.2.X EE