Hi,

We are having issues with authorization when there are negative ACLs.
I have included an example below:

· Indexing done using ManifoldCF v 2.5, Solr v 5.5.2
· Indexed document with r_object_id 091e86d986f6a044
· Document has ACL idocs_inst_540278_O_acl
· ACL idocs_inst_540278_O_acl has a negative group added to it (r_accessor_name: emucw; r_accessor_permit: 1)
· On indexing we see the document has ACL idocs_inst_540278_O_acl in allowed_token
· User 000470248 has been added to group emucw
· At query time we get the user having ACL idocs_inst_540278_O_acl and the user is able to see the document. Ideally there should not be access, as the negative group should take priority and the ACL should not be available in the user's ACLs.

I have attached screenshots and query logs:

· User ACLs at query time: [attached image]
· Query to fetch user ACLs in code:

    SELECT DISTINCT A.owner_name, A.object_name FROM dm_acl A
    WHERE A.object_name NOT LIKE 'dm_%' AND (
      (any (A.r_accessor_name IN ('" + strAccessToken + "', 'dm_world') AND r_accessor_permit>2))
      OR (any (A.r_accessor_name='dm_owner' AND A.r_accessor_permit>2) AND A.owner_name=" + quoteDQLString(strAccessToken) + ")
      OR (ANY (A.r_accessor_name in (SELECT G.group_name FROM dm_group G WHERE ANY G.i_all_users_names = " + quoteDQLString(strAccessToken) + ") AND r_accessor_permit>2))
    )

· Document values: [attached image]

Kindly let me know if more details are required. How do I resolve the above issue?

Thanks,
Sharnel
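An added illustration, not part of the original message and not ManifoldCF or Documentum code: a Python model of the three branches of the posted query, showing that an entry with r_accessor_permit 1 is skipped rather than subtracted, so any other entry above 2 still returns the ACL for the user. The ACL's dm_world entry, the owner name, the second user and the function matches_with_deny_priority (the behaviour the post expects) are assumptions.

```python
# Constructed model of one dm_acl row and the group membership from the post.
# Only the (emucw, 1) entry is on the page; the dm_world entry is assumed.
ACL = {
    "object_name": "idocs_inst_540278_O_acl",
    "owner_name": "constructed_owner",
    "entries": [("dm_world", 3), ("emucw", 1)],  # (r_accessor_name, r_accessor_permit)
}
GROUPS = {"emucw": {"000470248"}}  # group_name -> i_all_users_names


def groups_of(user, groups):
    return {name for name, members in groups.items() if user in members}


def query_matches(acl, user, groups):
    """Mirror the posted DQL: one entry above permit 2 is enough to match."""
    name = acl["object_name"]
    if name.startswith("dm") and len(name) > 2:  # NOT LIKE 'dm_%' ('_' is a wildcard)
        return False
    mine = groups_of(user, groups)
    for accessor, permit in acl["entries"]:
        if permit <= 2:
            continue  # rows at or below 2 are skipped, never subtracted
        if accessor in (user, "dm_world"):
            return True
        if accessor == "dm_owner" and acl["owner_name"] == user:
            return True
        if accessor in mine:
            return True
    return False


def matches_with_deny_priority(acl, user, groups):
    """Hypothetical check: a low-permit entry for the user or their group vetoes."""
    mine = groups_of(user, groups) | {user}
    if any(a in mine and p <= 2 for a, p in acl["entries"]):
        return False
    return query_matches(acl, user, groups)


if __name__ == "__main__":
    for user in ("000470248", "000999999"):  # second user is constructed
        print(user, query_matches(ACL, user, GROUPS),
              matches_with_deny_priority(ACL, user, GROUPS))
```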
