manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Karl Wright <>
Subject Re: Solr indexing permissions even when disabling authorities for a repository connection
Date Thu, 26 Mar 2015 16:36:23 GMT
Hi Antonio,

A repository connector does not build its RepositoryDocument objects based
on its ManifoldCF environment.  To do that would be a challenge, and
probably would introduce dependencies we really don't want.

The access tokens themselves get qualified by the authority group name by
the output connector.  It's done by calling a qualification method in
IOutputAddActivity.  For historical reasons, that method chooses to
interpret *no* authority group as meaning *no* qualification of tokens.
The historical reason is deprecated but we never changed the behavior.
Even so, you'd need to change the way the output connectors themselves
behave if you want to change this.  So it can't be done globally without
breaking backwards compatibility, until MCF 3.0.


On Thu, Mar 26, 2015 at 12:00 PM, Antonio David Perez Morales <> wrote:

> Hi all
> When using ManifoldCF, we are facing a strange behavior when disabling
> authorities for a repository connection. Let me explain the steps:
> 1. Configure Alfresco repository connection with an authority group using
> an Alfresco Authority Connection
> 2. Configure Solr Output Connector
> 3. Create a job using the repository and authority connections just
> configured
> 4. Execute the job to index the content
> After that, I can see in Solr the proper documents with the right
> permissions. After that, I do the following:
> 1. Remove the authority group for the repository connection (using "None"
> and saving)
> 2. Delete the job (documents are deleted)
> 3. Create another job with the same configuration for repository and
> output connections
> 4. Execute the job
> After that, I can see again in Solr the documents with the permissions.
> After checking the source code of both, Alfresco repository (or any
> repository connector with permission capabilities) simply creates a
> RepositoryDocument for each document to process and adds the specific ACLs
> for the specific permission type (document, share, parent, directory_). The
> output connector (at least Solr Output Connector) takes the repository
> document ACLs and builds the specific Solr fields for permissions.
> I was expecting that since the base repository connector is the one which
> manages the authority group for the repository, it (or Manifold framework)
> should manage that to take the ACLs of the repository document into account
> or not before being passed to the output connector (or transformation
> connections if any). I mean I was expecting that if you put none as
> authority group for a repository connection, then the base repository
> connection or the framework should skip the ACLs set and put no_security.
> Am I missing something or it is a real bug? if it is a bug I could fix it
> and send a patch, but for that I would like to know what component is the
> responsible to do that or if the framework should be changed.
> regards
> ------------------------------
> This message should be regarded as confidential. If you have received this
> email in error please notify the sender and destroy it immediately.
> Statements of intent shall only become binding when confirmed in hard copy
> by an authorised signatory.
> Zaizi Ltd is registered in England and Wales with the registration number
> 6440931. The Registered Office is Brook House, 229 Shepherds Bush Road,
> London W6 7AN.

View raw message