Hey Jukka, On Tue, Oct 29, 2013 at 4:07 AM, Jukka Zitting <[email protected]> wrote: > Hi, > > On Mon, Oct 28, 2013 at 4:07 AM, Ard Schrijvers > <[email protected]> wrote: >> IIRC, the #getSize() method worked a bit different Jukka. > > IIUC Torgeir was referring to the getTotalSize() method which is
Yes he was. I am sorry about the noice : for the getTotalSize method I fully agree with your reasoning > designed to return the total number of results that would have been > returned if the query had no limit on it. See JCR-1073/JCR-3474. > >> (and since we integrated authorization into the queries we have cheap >> correct total counts) > > Nice! :-) Of course it was only possible if we put constraints on our authorization model : It is based on properties of nodes solely to be able to efficiently translate it to lucene queries. See [1] in case you're interested > >> Any way, imo it has always been quite confusing, but changing the >> confusing behavior in a micro version doesn't help. > > This was a bit of a borderline case (see comments in JCR-3402), and it > is indeed debatable whether it was a right call to include the change > in a patch release. The fact that the change plugged a potential > security issue weighed in my decision to include it. > > If the change is causing trouble, let's file a followup issue and see > what should be done to make the behavior more backwards-compatible > without compromising security. It is not causing trouble, as I overlooked the getTotalSize method and thought it was about getSize. Thanks for your feedback Jukka Regards Ard [1] http://www.onehippo.com/en/resources/blogs/2013/01/cms-7.8-nailed-down-authorization-combined-with-searches.html > > BR, > > Jukka Zitting -- Amsterdam - Oosteinde 11, 1017 WT Amsterdam Boston - 1 Broadway, Cambridge, MA 02142 US +1 877 414 4776 (toll free) Europe +31(0)20 522 4466 www.onehippo.com
