Item10652: the ACL query code isn't yet identical in search vs query,…

… fixup git-svn-id: http://svn.foswiki.org/trunk/MongoDBPlugin@12193 0b4bb1d4-4e5a-0410-9cc4-b2b747904278
foswiki · Jul 21, 2011 · 59d741b · 59d741b
1 parent 5aeef76
commit 59d741b
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 12 deletions.
diff --git a/lib/Foswiki/Store/QueryAlgorithms/MongoDB.pm b/lib/Foswiki/Store/QueryAlgorithms/MongoDB.pm
@@ -150,8 +150,6 @@ sub _webQuery {
         ASSERT( not( defined( $mongoQuery->{ERROR} ) ) ) if DEBUG;
 
         if (not $session->{users}->isAdmin( $session->{user} )) {
-            ASSERT($session == $Foswiki::Func::SESSION) if DEBUG;
-            ASSERT(defined($Foswiki::Func::SESSION->{users}) )if DEBUG;
             #add ACL filter
             my $userIsIn = Foswiki::Plugins::MongoDBPlugin::getACLProfilesFor($session->{user}, $web, $session);
             ### ((_ACLProfile_ALLOWTOPICVIEW: $in(userIsIn, UNDEF)) AND (_ACLProfile.DENYTOPICVIEW: $NOTin(userIsIn)))

diff --git a/lib/Foswiki/Store/SearchAlgorithms/MongoDB.pm b/lib/Foswiki/Store/SearchAlgorithms/MongoDB.pm
@@ -295,20 +295,21 @@ sub _webQuery {
     }
 
     if (not $session->{users}->isAdmin( $session->{user} )) {
-        ASSERT($session == $Foswiki::Func::SESSION) if DEBUG;
-        ASSERT(defined($Foswiki::Func::SESSION->{users}) )if DEBUG;
         #add ACL filter
         my $userIsIn = Foswiki::Plugins::MongoDBPlugin::getACLProfilesFor($session->{user}, $web, $session);
         ### ((_ACLProfile_ALLOWTOPICVIEW: $in(userIsIn, UNDEF)) AND (_ACLProfile.DENYTOPICVIEW: $NOTin(userIsIn)))
         #TODO: this is incorrect, it needs to also have the logic for the web default (and be inverted if the web DENYs the user..
-        if ($session->access->haveAccess('VIEW', $session->{user}, $web)) {
-            #TODO: potential BUG - if user is in both allow and deny, the algo chooses allow
-            $mongoQuery->{_ACLProfile_ALLOWTOPICVIEW} = {'$in' => [@$userIsIn, 'UNDEFINED']};
-            $mongoQuery->{_ACLProfile_DENYTOPICVIEW} = {'$nin' => $userIsIn};
-        } else {
-            #user is already denied, so we only get view access _if_ the user is specifically ALLOWed
-            $mongoQuery->{_ACLProfile_ALLOWTOPICVIEW} = {'$in' => [@$userIsIn]};
-        }
+ 	    if ($session->access->haveAccess('VIEW', $session->{user}, $web)) { 
+	 	        #TODO: potential BUG - if user is in both allow and deny, the algo chooses allow 
+	 	        #$mongoQuery->{_ACLProfile_ALLOWTOPICVIEW} = {'$in' => [@$userIsIn, 'UNDEFINED']}; 
+	 	        #$mongoQuery->{_ACLProfile_DENYTOPICVIEW} = {'$nin' => $userIsIn}; 
+	 	        $ixhQuery->Push( '_ACLProfile_ALLOWTOPICVIEW' => {'$in' => [@$userIsIn, 'UNDEFINED']} ); 
+	 	        $ixhQuery->Push( '{_ACLProfile_DENYTOPICVIEW}' => {'$nin' => $userIsIn} ); 
+	 	    } else { 
+	 	        #user is already denied, so we only get view access _if_ the user is specifically ALLOWed 
+	 	        #$mongoQuery->{_ACLProfile_ALLOWTOPICVIEW} = {'$in' => [@$userIsIn]}; 
+	 	        $ixhQuery->Push( '_ACLProfile_ALLOWTOPICVIEW' => {'$in' => $userIsIn} ); 
+	 	    } 
     }
 
     #limit, skip, sort_by