Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-27213

Queries with "ecm:ancestorId " fails in ES with security exception if run with a user with no READ on ancestor

    Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 10.10
    • Fix Version/s: None
    • Component/s: Elasticsearch

      Description

      The Guest user executes the following query in ES: Select * from Document where ecm:ancestorId <> '732c2ef6-19d3-45a8-97e7-b6cff7d84909' => this will fail with a Permission 'Read' is not granted to 'Guest' on document, because the ancestor document is fetched in NxqlQueryConverter.makeAncestorIdFilter and a security policy put in place returns DENY on this document

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:

                PagerDuty

                Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.