Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-74782

JournalArticleServiceUtil.search doesn't work well when searching in all groups



      master/7.0.x: Already fixed as part of LPS-63181 (Technical Task) and LPS-69516 (partially committed to ee-6.2.x)

      groupId = 0 means "all groups" when passing to JournalArticleService.search, so it should return Web Contents from all Sites. For regular users, however, it doesn't return anything.

      The Javadoc of JournalArticleService.search writes about groupId parameter that "the primary key of the group (optionally 0)".

      JournalArticleFinderImpl handles 0 (or less) groupIds properly as follows

      if (groupId <= 0) {
      	sql = StringUtil.replace(
      		sql, "(JournalArticle.groupId = ?) AND", StringPool.BLANK);

      and InlineSQLHelperImpl also has proper checks for groupId validity on master/7.0.x, but not on 6.2.x.

      Steps to reproduce:
      1. Deploy attached JournalSearch-portlet-
      2. Add an open site : "Site A"
      3. Add a basic web content in site A
      4. Add a page with web content display this web content
      5. Add an open site : "Site B"
      6. Add a page with JournalSearch-portlet
      Checkpoint: Go to "Site A" and check the page with web content display
      => Web content appear
      Go to "Site B" and check JournalSearch-portlet
      => "Found 1 web content(s)" text appear

      7. Create a user : "User One"
      8. Add "User One" to "Site A" and "Site B"
      9. Connect with "User One"
      Checkpoint: Go to "Site A" and check the page with web content display
      => "User One" see web content because he has permission to see it

      10. Go to "Site B" and check JournalSearch-portlet
      Result: "Found 0 web content(s)" text appear
      Expected: "Found 1 web content(s)" text appear

      Technical Info
      The sample portlet does a service call like

      			companyId, groupId, folderIds, classNameId, keywords, version,
      			ddmStructureKey, ddmTemplateKey, displayDateGT, displayDateLT, status,
      			reviewDate, start, end, obc);

      where groupId is 0 based on the JavaDoc of the related method and should return the JournalArticles when the fix is working.

      The problem is that the final SQL query will contain a block for inline-permission-check for regular users which looks like this before the fix:

      		INNER JOIN ResourcePermission ON (ResourcePermission.companyId = 20155) AND (ResourcePermission.name = 'com.liferay.portlet.journal.model.JournalArticle') AND (ResourcePermission.scope = 4) AND (MOD(ResourcePermission.actionIds, 2) = 1) AND (ResourcePermission.roleId IN (20163)) AND 	
      		((ResourcePermission.primKey = CAST(JournalArticle.resourcePrimKey AS CHAR)) AND (JournalArticle.groupId = 0))

      As this is a join with the JournalArticle table, no article records will be kept in the join due to the JournalArticle.groupId = 0 condition which will never be true.


        1. com.example.journal.search-1.0.0.jar
          6 kB
        2. fixed.png
          9 kB
        3. JournalSearch.zip
          26 kB
        4. JournalSearch-portlet.zip
          46 kB
        5. JournalSearch-portlet-
          37 kB

        Issue Links



              hong.zhao Hong Zhao (Inactive)
              istvan.sajtos Istvan Sajtos
              Kiyoshi Lee Kiyoshi Lee
              0 Vote for this issue
              2 Start watching this issue


                5 years, 9 weeks, 3 days ago


                  Version Package
                  6.2.X EE