forked from liferay/liferay-portal
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
LPS-74827 For site role, it should be added into index field "groupRoleId" so that it can match with search query. #342
Closed
Closed
Changes from 1 commit
Commits
Show all changes
83 commits
Select commit
Hold shift + click to select a range
31be513
LPS-74784 Do not run this upgrade process as its logic is duplicated …
mbowerman 54f7948
LPS-74784 Delete unused class
mbowerman b405155
subrepo:ignore Update 'modules/apps/collaboration/notifications/.gitr…
liferay-continuous-integration 066fc82
LRQA-35147 Reset page before navigating to a different site
anthony-chu 2b4cec1
LRQA-35147 Add structure from "More" list if not immediately present
anthony-chu 9a8ca86
LRQA-35275 Use portlet-specific save macro
anthony-chu e1dd496
LRQA-35356 Replace portlet-specific macro with general macro
anthony-chu 4090c09
LRQA-35356 Ensure search term matches content in card
anthony-chu 1255619
LPS-75142 Reverts changes added in LPS-71408 because we cannot use Dy…
ealonso ee0f37a
subrepo:ignore Update 'modules/apps/collaboration/document-library/.g…
liferay-continuous-integration dcad2ee
LPS-75087 Document Library - Moves test class to module
ealonso 983bc0f
LPS-75087 Document Library - Run with Arquillian
ealonso 447b0ac
LPS-75087 Document Library - Adds PermissionCheckerTestRule
ealonso 9690e48
subrepo:ignore Update 'modules/apps/collaboration/document-library/.g…
liferay-continuous-integration b01824c
LPS-74833 The rendering of the screen for a screen entry should not b…
jkappler 62ab1d9
LPS-74833 Change markup for screen entries where used
jkappler a1e4e1b
LPS-74833 Rename variable to context
jkappler 7b21543
LPS-74833 Create a new parameter called context that will substitute …
jkappler d8be68c
LPS-74833 Use right parameter
jkappler 791ffba
LPS-74833 Moves fieldset inside the form
ealonso b1bc8a4
LPS-74833 Let form handle the width
ealonso 6a46ad4
LPS-73414 Use "new style" keys with embedded markup
adolfopa df6b920
LPS-73414 Fix broken translations
adolfopa 83beee0
LPS-73414 Translate to italian
mmariuzzo ea8fbac
LPS-73414 Parameterize key with markup
adolfopa 063e64f
LPS-73414 Fix some more language keys
97d9594
subrepo:ignore Update 'modules/apps/foundation/frontend-taglib/.gitre…
liferay-continuous-integration 5ca2b1c
subrepo:ignore Update 'modules/apps/web-experience/asset/.gitrepo'.
liferay-continuous-integration d9f1d3a
subrepo:ignore Update 'modules/apps/collaboration/document-library/.g…
liferay-continuous-integration 35743a5
LPS-74663 Avoid the creation of temp files in single range requests
JavierMoral f2fdf84
LPS-74663 Avoid the creation of temp files in range requests when ran…
JavierMoral ba9a411
LPS-74663 Separate range copying from input stream conversion
adolfopa 6e74964
LPS-74663 Copy the input stream only if non sequential ranges
adolfopa 4dbbcd5
LPS-74663 Merge both copyRange methods
adolfopa 8a74aca
LPS-74663 SF - Rename and make private
adolfopa 3eca53c
LPS-74663 SF
adolfopa 2bf03ed
LPS-74663 SF - Return value not necessary
adolfopa e622c78
LPS-74663 Make sure we close the stream only when finished
adolfopa 8db14aa
LPS-74663 SF - Use foreach loop
adolfopa 6366773
LPS-74663 SF - Refactor to be more semantic
JavierMoral 88d3bb9
LPS-74663 can I sort this?
brianchandotcom d5989f0
LPS-75011 This is a better way to do it (see LPS description for more…
mbowerman 415ce85
LPS-75145 Create service context with the new group and not the defau…
jkappler 0b12c97
subrepo:ignore Update 'modules/apps/web-experience/asset/.gitrepo'.
liferay-continuous-integration 9b0ce97
LPS-74910 calculate selectedGroupIds after request
SpencerWoo 4401abc
LPS-74910 SF
ealonso b8e2c4a
LPS-74910 Uses new parameter
ealonso 35c9363
subrepo:ignore Update 'modules/apps/web-experience/asset/.gitrepo'.
liferay-continuous-integration bec0095
Revert "LPS-63943 Disable up-to-date check to always print a message"
Ithildir 4b47705
LPS-63943 Always execute "mergeArtifactsPublishCommands" task
Ithildir c10e30f
LPS-63943 Update changelog
Ithildir 61ba03f
LPS-63943 prep next, use latest
brianchandotcom d18d5f5
LPS-74844 Edit changelogs
codyhoag 307dfab
LRDOCS-2023 Fix broken plugin and ticket links
codyhoag 4f6b075
LPS-74770 In some programming languages, you need if/then. In English…
codyhoag e51c56c
LPS-74770 Additional wordsmithing for the Node Gradle Plugin's README
codyhoag 88baeb4
LPS-74275 Remove the useless commons-emails.jar
yxingwu 88781ce
LPS-74275 Generated
yxingwu 03fa45f
LRQA-34625 Add debug code
pyoo47 8dd8e4e
LRQA-35366 Use specific branches for subrepository merge pull requests
michaelhashimoto f85d97b
LRQA-34625 Set the upstream remote according to the upstream branch f…
pyoo47 a7af394
LRQA-34625 Minimize usage of 'git rev-parse --abbrev-ref'
pyoo47 4388738
LRQA-34625 set remoteURL
pyoo47 e3f7887
LRQA-34625 prep next, use latest
brianchandotcom 2a9e793
artifact:ignore calevent-importer 1.0.9 prep next
brianchandotcom ade0a7c
artifact:ignore frontend-columns-layouttpl 7.0.0.2 prep next
brianchandotcom 7520b66
artifact:ignore frontend-theme-1975-london 1.0.24 prep next
brianchandotcom 496ae9d
artifact:ignore frontend-theme-fjord 1.0.28 prep next
brianchandotcom 339ddf3
artifact:ignore frontend-theme-porygon 1.0.25 prep next
brianchandotcom 2436a23
artifact:ignore frontend-theme-westeros-bank 1.0.41 prep next
brianchandotcom 6c91fe9
artifact:ignore opensocial-portlet 7.0.0.32 prep next
brianchandotcom e9a69f1
artifact:ignore powwow-portlet 7.0.0.11 prep next
brianchandotcom f8aef44
artifact:ignore social-bookmarks-hook 7.0.0.4 prep next
brianchandotcom 332639b
artifact:ignore tasks-portlet 7.0.0.8 prep next
brianchandotcom 6756ee1
artifact:ignore notifications-web 1.0.23 prep next
brianchandotcom 8c4d799
portal-workflow-kaleo-runtime-impl packageinfo
brianchandotcom 8376391
Record reference to liferay-portal/master-private with git-commit-por…
brianchandotcom ef206e8
subrepo:ignore Update 'modules/apps/collaboration/notifications/.gitr…
liferay-continuous-integration 77a1198
LPS-75087 Leave twitterSn blank, otherwise SynchronizeTwitterMessageL…
shuyangzhou 4f1fa4d
LPS-75087 Ignore broken test, @ealonso please fix it.
shuyangzhou 0ae7fc0
subrepo:ignore Update 'modules/apps/foundation/portal-security/.gitre…
liferay-continuous-integration a70ee06
LPS-74827 When add index field "groupRoleId", if the document groupId…
b7156d3
LPS-74827 For site role, it should be added into index field "groupRo…
File filter
Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi guys,
I'm not sure this is correct, but I don't know search permission checking.
I think when we index the document, it's fine to add
SCOPE_INDIVIDUAL
roles. When we change permissions we can reindex just one doc.But is it fine to index also
ResourceConstants.SCOPE_GROUP_TEMPLATE
roles? When we change assignment on that scope then we need to reindex everything?!On the other hand, when you index these wide-in-scope permissions, why don't you add also
SCOPE_GROUP
andSCOPE_COMPANY
roles and move whole permission checking inside search operation?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @topolik
Thanks for your check. Please refer to the below explanation:
1.Why index ResourceConstants.SCOPE_GROUP_TEMPLATE(or ) roles?
In search query, we use ({"terms" : {"groupRoleId" : [ "groupId-roleId"]}), and if the entry is only viewable for siteRole, own siteRole's user also can view the model.
2.Why don't I add also SCOPE_GROUP and SCOPE_COMPANY?
Please refer to https://github.com/yuhai/liferay-portal/blob/master/modules/apps/foundation/portal-search/portal-search/src/main/java/com/liferay/portal/search/internal/SearchPermissionCheckerImpl.java#L415-L427
When compose search query, if regular role owns view permission, the query({"terms" : {"groupRoleId" : [ "groupId-roleId"]}) won't add into query. However, we can't do siteRole (as regular role) in search query because siteRole needs to use with group together.
Please refer to the fix detailed explanation from hhuijser#3030 (comment)
Regards,
Hai