Uploaded image for project: 'External Enterprise Search'
  1. External Enterprise Search
  2. ESRCH-43

[INVESTIGATION] Make sure access control restrictions are honoured

    XMLWordPrintable

Details

    • Story
    • Resolution: Unresolved
    • Neutral
    • None
    • None
    • None

    Description

      We need to ensure that queries against ES return results that are consistent with the current user's access rights in JCR:

      • Individual results should only include items that the currently logged in user has read access to.
      • Aggregated results (count, sum, etc.) should only include items that the current user has read access to.
      • Join queries should only join against items the current user has read access to. E.g. for the equivalent of isDescendantNode in JCR, a user needs access to the parent node to find its children.

      Checklists

        Acceptance criteria

        Attachments

          Issue Links

            Activity

              People

                Unassigned Unassigned
                mduerig Michael Duerig
                Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                  Created:
                  Updated:

                  Checklists

                    Task DoD