You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-issues@jackrabbit.apache.org by "Tommaso Teofili (JIRA)" <ji...@apache.org> on 2016/06/24 09:07:16 UTC
[jira] [Commented] (OAK-4502) LucenePropertyIndex doesn't use filter's path for ACL checks of suggest queries

    [ https://issues.apache.org/jira/browse/OAK-4502?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15348039#comment-15348039 ] 

Tommaso Teofili commented on OAK-4502:
--------------------------------------

thanks Stefan for your patch, I think you're right. It'd be good if we could cover this with a unit test.

> LucenePropertyIndex doesn't use filter's path for ACL checks of suggest queries
> -------------------------------------------------------------------------------
>
>                 Key: OAK-4502
>                 URL: https://issues.apache.org/jira/browse/OAK-4502
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: lucene
>    Affects Versions: 1.4.1
>         Environment: AEM 6.2 with Oak 1.4.1
>            Reporter: Stefan Grinsted
>            Assignee: Tommaso Teofili
>              Labels: patch
>         Attachments: Screen Shot 2016-06-23 at 22.43.14.png, Screen Shot 2016-06-23 at 22.43.47.png
>
>
> When querying for suggestions, the {{LucenePropertyIndex}} performs the ACL checks for the suggested terms incorrectly if the {{oak:index}} definition is not located under the root.
> In my example, I have an {{oak:index}} definition under {{/content/wcgcom/demo/example/oak:index/lucene-suggest}} looking like this:
> {code}
>           <lucene-suggest
>               jcr:primaryType="oak:QueryIndexDefinition"
>               async="async"
>               compatVersion="{Long}2"
>               reindex="{Boolean}false"
>               reindexCount="{Long}5"
>               type="lucene">
>               <indexRules jcr:primaryType="nt:unstructured">
>                   <nt:base jcr:primaryType="nt:unstructured">
>                       <properties jcr:primaryType="nt:unstructured">
>                           <props
>                               jcr:primaryType="nt:unstructured"
>                               analyzed="{Boolean}true"
>                               isRegexp="{Boolean}true"
>                               name="jcr:(title|description)|title|subtitle|boldTitle"
>                               propertyIndex="{Boolean}true"
>                               useInSuggest="{Boolean}true"/>
>                       </properties>
>                   </nt:base>
>               </indexRules>
>               <suggestion
>                   jcr:primaryType="nt:unstructured"
>                   suggestAnalyzed="{Boolean}true"
>                   suggestUpdateFrequencyMinutes="{Long}20"/>
>           </lucene-suggest>
> {code}
> And most relevant content under this path: {{/content/wcgcom/demo/example/home}}
> When inspecting the ACL checks happening in the suggestion part of {{LucenePropertyIndex#loadDocs}} it seems the Document's path as returned by {{retrievedDoc.get(FieldNames.PATH)}} starts from the root path of the index. So in this case an example of a document path from the index above could be {{/home/about-us/news/jcr:content/headerParagraph/shortheader}} (notice that it's missing the full path to the root of the JCR workspace (specifically missing {{/content/wcgcom/demo/example}} in this case)
> I believe this could be solved by simply prefixing the document path with {{filter.getPath()}}. And looking through the code, it looks like the same problem is present for the spellcheck type queries.
> Here's a patch that could potentially fix this (untested): 
> {noformat}
> diff --git a/oak-lucene/src/main/java/org/apache/jackrabbit/oak/plugins/index/lucene/LucenePropertyIndex.java b/oak-lucene/src/main/java/org/apache/jackrabbit/oak/plugins/index/lucene/LucenePropertyIndex.java
> index 7e5291f..a262f3e 100644
> --- a/oak-lucene/src/main/java/org/apache/jackrabbit/oak/plugins/index/lucene/LucenePropertyIndex.java
> +++ b/oak-lucene/src/main/java/org/apache/jackrabbit/oak/plugins/index/lucene/LucenePropertyIndex.java
> @@ -464,7 +464,7 @@ public class LucenePropertyIndex implements AdvancedQueryIndex, QueryIndex, Nati
>                              if (topDocs.totalHits > 0) {
>                                  for (ScoreDoc doc : topDocs.scoreDocs) {
>                                      Document retrievedDoc = searcher.doc(doc.doc);
> -                                    if (filter.isAccessible(retrievedDoc.get(FieldNames.PATH))) {
> +                                    if (filter.isAccessible(filter.getPath() + retrievedDoc.get(FieldNames.PATH))) {
>                                          queue.add(new LuceneResultRow(suggestion.string));
>                                          break;
>                                      }
> @@ -492,7 +492,7 @@ public class LucenePropertyIndex implements AdvancedQueryIndex, QueryIndex, Nati
>                              if (topDocs.totalHits > 0) {
>                                  for (ScoreDoc doc : topDocs.scoreDocs) {
>                                      Document retrievedDoc = searcher.doc(doc.doc);
> -                                    if (filter.isAccessible(retrievedDoc.get(FieldNames.PATH))) {
> +                                    if (filter.isAccessible(filter.getPath() + retrievedDoc.get(FieldNames.PATH))) {
>                                          queue.add(new LuceneResultRow(suggestion.key.toString(), suggestion.value));
>                                          break;
>                                      }
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)