Details
-
Story
-
Resolution: Unresolved
-
Neutral
-
None
-
None
-
None
Description
We need to ensure that queries against ES return results that are consistent with the current user's access rights in JCR:
- Individual results should only include items that the currently logged in user has read access to.
- Aggregated results (count, sum, etc.) should only include items that the current user has read access to.
- Join queries should only join against items the current user has read access to. E.g. for the equivalent of isDescendantNode in JCR, a user needs access to the parent node to find its children.
Checklists
Acceptance criteria
Attachments
Issue Links
- mentioned in
-
Page Loading...