You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-issues@jackrabbit.apache.org by "Tommaso Teofili (JIRA)" <ji...@apache.org> on 2015/02/06 15:32:34 UTC

[jira] [Updated] (OAK-2473) ACL checks on suggestions

     [ https://issues.apache.org/jira/browse/OAK-2473?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Tommaso Teofili updated OAK-2473:
---------------------------------
    Attachment: OAK-2473.0.patch

I've drafted a patch (for Lucene only for now) using the second approach (index specific).

The "ACL check" here is not actually an ACL permission evaluation, but rather a check wether a certain path exists in a certain {{NodeState}}:
{code}
private boolean exists(String path, NodeState root) {
        boolean result = true;
        NodeState nodeState = root;
        for (String n : PathUtils.elements(path)) {
            if (nodeState.hasChildNode(n)) {
                nodeState = nodeState.getChildNode(n);
            } else {
                result = false;
                break;
            }
        }
        return result;
    }
{code}

which is used for filtering the {{LookupResults}}.
{code}
List<Lookup.LookupResult> lookupResults = SuggestHelper.getSuggestions(suggestQuery);

                        // ACL filter suggestions
                        Collection<String> suggestedWords = new ArrayList<String>(lookupResults.size());
                        QueryParser qp = new QueryParser(Version.LUCENE_47, FieldNames.FULLTEXT, indexNode.getDefinition().getAnalyzer());
                        for (Lookup.LookupResult suggestion : lookupResults) {
                            Query query = qp.createPhraseQuery(FieldNames.FULLTEXT, suggestion.key.toString());

                            TopDocs topDocs = searcher.search(query, 1);
                            if (topDocs.totalHits > 0) {
                                for (ScoreDoc doc : topDocs.scoreDocs) {
                                    Document retrievedDoc = searcher.doc(doc.doc);
                                    if (exists(retrievedDoc.get(FieldNames.PATH), rootState)) {
                                        suggestedWords.add("{term=" + suggestion.key + ",weight=" + suggestion.value + "}");
                                        break;
                                    }
                                }
                            }
                        }
{code}

> ACL checks on suggestions
> -------------------------
>
>                 Key: OAK-2473
>                 URL: https://issues.apache.org/jira/browse/OAK-2473
>             Project: Jackrabbit Oak
>          Issue Type: Sub-task
>          Components: query
>            Reporter: Tommaso Teofili
>             Fix For: 1.1.7
>
>         Attachments: OAK-2473.0.patch
>
>
> Support for ACL check suggestions needs to be added to avoid providing suggestions coming from index data whose source nodes / properties were not meant to be readable from the calling user.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)