AnsweredAssumed Answered

How does the search result filtering work ?

Question asked by zengqingyi12 on Dec 9, 2010
Latest reply on Jan 13, 2011 by ribz33
I find configuration below in alfresco:

    <!– All search results are filtered to exclude nodes that the current user can not        –>
    <!– read. Other methods restrict queries to those nodes the user can read                 –>

    <bean id="SearchService_security" class="org.alfresco.repo.security.permissions.impl.acegi.MethodSecurityInterceptor">
        <property name="authenticationManager"><ref bean="authenticationManager"/></property>
        <property name="accessDecisionManager"><ref local="accessDecisionManager"/></property>
        <property name="afterInvocationManager"><ref local="afterInvocationManager"/></property>
        <property name="objectDefinitionSource">
            <value>
                org.alfresco.service.cmr.search.SearchService.query=ACL_ALLOW,AFTER_ACL_NODE.sys:base.Read
                org.alfresco.service.cmr.search.SearchService.selectNodes=ACL_ALLOW,AFTER_ACL_NODE.sys:base.Read
                org.alfresco.service.cmr.search.SearchService.selectProperties=ACL_NODE.0.sys:base.Read
                org.alfresco.service.cmr.search.SearchService.contains=ACL_NODE.0.sys:base.Read
                org.alfresco.service.cmr.search.SearchService.like=ACL_NODE.0.sys:base.Read
                org.alfresco.service.cmr.search.SearchService.*=ACL_DENY
            </value>
        </property>
    </bean>
But after I navigate to MethodSecurityInterceptor.java, it seems that it only check if current user have the permission to call "query" method, but not filter all the nodes in search result.
Can someone tell me where does the filtering work ? In which class ?

Thanks in advance !

Outcomes