manifoldcf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Luis Cabaceira (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CONNECTORS-1473) Authority Service doesn't return same set of tokens for user at query time as the set used for ingestion, when using Alfresco
Date Sun, 03 Dec 2017 18:14:00 GMT

    [ https://issues.apache.org/jira/browse/CONNECTORS-1473?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16276020#comment-16276020
] 

Luis Cabaceira commented on CONNECTORS-1473:
--------------------------------------------

To what "individual user" are you referring ? I've just checked this and
below is the list of fields returned by the connector with some sample
data, for each document we have both the creator and the modifier, are this
fields what you are referring as the "individual user" ?


*cm:creator value : [admin] *
*cm:modifier value : [admin]*

cm:autoVersion value : [true]
cm:versionType value : [MAJOR]
cm:created value : [2017-09-26T17:06:26Z]
cm:versionLabel value : [1.0]
exif:yResolution value : [72.0]
    :aspects value : [[exif:exif, cm:versionable, cm:author, sys:localized,
sys:referenceable, cm:titled, cm:auditable]]
    :type value : [cm:content]
    :sys:node-uuid value : [22d0b236-27a9-4b90-bf55-7e2a4c4c4d72]
path value : [/app:company_home/cm:manifold/cm:_x0035_43.jpg]
exif:pixelYDimension value : [1280]
exif:resolutionUnit value : [Inch]
sys:locale value : [en_US]
cm:modified value : [2017-09-26T17:06:27Z]
exif:orientation value : [1]
exif:xResolution value : [72.0]
cm:autoVersionOnUpdateProps value : [false]
documentUrl value : [
http://localhost:8080/alfresco/service/slingshot/node/workspace/SpacesStore/22d0b236-27a9-4b90-bf55-7e2a4c4c4d72]

sys:store-protocol value : [workspace]
sys:store-identifier value : [SpacesStore]
cm:content value :
[contentUrl=store://2017/9/26/17/6/72526a8a-1374-4e42-a638-12480b4f8683.bin|mimetype=image/jpeg|size=610110|encoding=UTF-8|locale=en_US_|id=336]

version value : [1.0]
exif:pixelXDimension value : [1920]
previewUrlPath value : [
http://localhost:8080/share/proxy/api/node/workspace/SpacesStore/22d0b236-27a9-4b90-bf55-7e2a4c4c4d72/content/thumbnails/webpreview]

size value : [610110]
nodeRef value :
[workspace://SpacesStore/22d0b236-27a9-4b90-bf55-7e2a4c4c4d72]
thumbnailUrlPath value : [
http://localhost:8080/share/proxy/api/node/workspace/SpacesStore/22d0b236-27a9-4b90-bf55-7e2a4c4c4d72/content/thumbnails/doclib?c=queue&ph=true&lastModified=1]

cm:name value : [543.jpg]
sys:node-dbid value : [989]
mimetype value : [image/jpeg]
cm:initialVersion value : [true]
contentUrlPath value : [
http://localhost:8080/alfresco/service/api/node/workspace/SpacesStore/22d0b236-27a9-4b90-bf55-7e2a4c4c4d72/content]

exif:software value : [Adobe Photoshop CC 2015 (Macintosh)]





-- 
Luis Cabaceira


> Authority Service doesn't return same set of tokens for user at query time as the set
used for ingestion, when using Alfresco
> -----------------------------------------------------------------------------------------------------------------------------
>
>                 Key: CONNECTORS-1473
>                 URL: https://issues.apache.org/jira/browse/CONNECTORS-1473
>             Project: ManifoldCF
>          Issue Type: Bug
>          Components: Alfresco webscript connector
>         Environment: Alfresco:
> Installed Schema	6022
> Installed Version	4.2.0 (4576)
> Server Schema	6022
> Server Version	4.2.0 (4576)
> ManifoldCF - built from source using the latest sources about a month ago
> Solr - 6.6.0
>            Reporter: Phillip Rhodes
>            Assignee: Karl Wright
>             Fix For: ManifoldCF 2.9
>
>         Attachments: CONNECTORS-1473.patch
>
>
> Using ManifoldCF to index content from Alfresco into Solr, and using the MCF SearchComponent
to restrict access on the Solr side, I'm seeing the following unusual behavior:
> 1. I have an Alfresco server storing documents.   There are 65 docs in
> the built in "sample" space, which defaults to allowing access to
> everyone.
> 2. With the MCF SearchComponent installed into Solr, if I pass the
> AuthenticatedUserName parameter with any value, I get back all 65
> documents as expected.
> 3. I added another space in Alfresco that only allows access for 4
> specific users... testuser1, testuser2, testuser3, and testuser4. If I
> log into Alfresco as any of those users I can view and/or upload
> content to the space.
> 4. I put 7 documents in that space, and re-indexed with MCF.
> 5. Solr now shows a total of 72 documents for the core in question.
> 6. But, if I pass AuthenticatedUserName=testuser1 with my query, I
> still only see the 65 docs from the other space.
> 7. If I temporarily turn off the MCF SearchComponent in Solr, I can
> see the docs from the "locked down" space.
> I set the various token fields to stored="true" so I can see what is
> getting stored, and here's what I see for one sample document (one
> that isn't being returned with the SearchComponent enabled, but which
> should be).
> "allow_token_document":["Alfresco:testuser1", "Alfresco:testuser2",
> "Alfresco:testuser3", "Alfresco:testuser4"],
> "deny_token_document":["__nosecurity__"],
> "deny_token_parent":["__nosecurity__"],
> "allow_token_share":["__nosecurity__"],
> "allow_token_parent":["__nosecurity__"],
> "deny_token_share":["__nosecurity__"],
> Note that at ingestion time, tokens were created of the form Alfresco:username for the
specific individual users which were granted access to the "secure" folder.
> However, if I make a direct request to the MCF UserACL's endpoint for, say, testuser1,
like this:
> http://manifoldcf.fogbeam.link:8345/mcf-authority-service/UserACLs?username=testuser1
> I get back:
> AUTHORIZED:Alfresco+Authority+Connection
> TOKEN:Alfresco:GROUP_EVERYONE
> which explains why I can see the documents from the public folder, because they all have
an allow_token_document for Alfresco:GROUP_EVERYONE.  But note that what I don't get back
here is the token for the specific user testuser1, which would match what was stored during
ingestion.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message