Stefan Grinsted created OAK-4502:
------------------------------------
Summary: LucenePropertyIndex doesn't use filter's path for ACL
checks of suggest queries
Key: OAK-4502
URL: https://issues.apache.org/jira/browse/OAK-4502
Project: Jackrabbit Oak
Issue Type: Bug
Components: lucene
Affects Versions: 1.4.1
Environment: AEM 6.2 with Oak 1.4.1
Reporter: Stefan Grinsted
When querying for suggestions, the {{LucenePropertyIndex}} performs the ACL
checks for the suggested terms incorrectly if the {{oak:index}} definition is
not located under the root.
In my example, I have an {{oak:index}} definition under
{{/content/wcgcom/demo/example/oak:index/lucene-suggest}} looking like this:
{code}
<lucene-suggest
jcr:primaryType="oak:QueryIndexDefinition"
async="async"
compatVersion="{Long}2"
reindex="{Boolean}false"
reindexCount="{Long}5"
type="lucene">
<indexRules jcr:primaryType="nt:unstructured">
<nt:base jcr:primaryType="nt:unstructured">
<properties jcr:primaryType="nt:unstructured">
<props
jcr:primaryType="nt:unstructured"
analyzed="{Boolean}true"
isRegexp="{Boolean}true"
name="jcr:(title|description)|title|subtitle|boldTitle"
propertyIndex="{Boolean}true"
useInSuggest="{Boolean}true"/>
</properties>
</nt:base>
</indexRules>
<suggestion
jcr:primaryType="nt:unstructured"
suggestAnalyzed="{Boolean}true"
suggestUpdateFrequencyMinutes="{Long}20"/>
</lucene-suggest>
{code}
And most relevant content under this path: {{/content/wcgcom/demo/example/home}}
When inspecting the ACL checks happening in the suggestion part of
{{LucenePropertyIndex#loadDocs}} it seems the Document's path as returned by
{{retrievedDoc.get(FieldNames.PATH)}} starts from the root path of the index.
So in this case an example of a document path from the index above could be
{{/home/about-us/news/jcr:content/headerParagraph/shortheader}} (notice that
it's missing the full path to the root of the JCR workspace (specifically
missing {{/content/wcgcom/demo/example}} in this case)
I believe this could be solved by simply prefixing the document path with
{{filter.getPath()}}. And looking through the code, it looks like the same
problem is present for the spellcheck type queries.
Here's a patch that could potentially fix this (untested):
{noformat}
diff --git
a/oak-lucene/src/main/java/org/apache/jackrabbit/oak/plugins/index/lucene/LucenePropertyIndex.java
b/oak-lucene/src/main/java/org/apache/jackrabbit/oak/plugins/index/lucene/LucenePropertyIndex.java
index 7e5291f..a262f3e 100644
---
a/oak-lucene/src/main/java/org/apache/jackrabbit/oak/plugins/index/lucene/LucenePropertyIndex.java
+++
b/oak-lucene/src/main/java/org/apache/jackrabbit/oak/plugins/index/lucene/LucenePropertyIndex.java
@@ -464,7 +464,7 @@ public class LucenePropertyIndex implements
AdvancedQueryIndex, QueryIndex, Nati
if (topDocs.totalHits > 0) {
for (ScoreDoc doc : topDocs.scoreDocs) {
Document retrievedDoc =
searcher.doc(doc.doc);
- if
(filter.isAccessible(retrievedDoc.get(FieldNames.PATH))) {
+ if (filter.isAccessible(filter.getPath() +
retrievedDoc.get(FieldNames.PATH))) {
queue.add(new
LuceneResultRow(suggestion.string));
break;
}
@@ -492,7 +492,7 @@ public class LucenePropertyIndex implements
AdvancedQueryIndex, QueryIndex, Nati
if (topDocs.totalHits > 0) {
for (ScoreDoc doc : topDocs.scoreDocs) {
Document retrievedDoc =
searcher.doc(doc.doc);
- if
(filter.isAccessible(retrievedDoc.get(FieldNames.PATH))) {
+ if (filter.isAccessible(filter.getPath() +
retrievedDoc.get(FieldNames.PATH))) {
queue.add(new
LuceneResultRow(suggestion.key.toString(), suggestion.value));
break;
}
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
