Search results not correctly screened on the basis of role for role restricted modules

This is the place to report bugs and get support. When posting in this forum, please always provide as much detail as possible.

Please do not report problems with a custom build or custom code in this forum. If you are producing your own build from the source code and have problems or questions, ask in the developer forum, do not report it as a bug.

When posting in this forum, please try to provide as many relevant details as possible. Particularly the following:

  • What operating system were you running when the bug appeared?
  • What database platform is your site using?
  • What version of mojoPortal are you running?
  • What version of .NET do you use?
  • What steps are necessary to reproduce the issue? Compare expected results vs actual results.
9/23/2009 6:54:48 AM
Total Posts 2

Search results not correctly screened on the basis of role for role restricted modules

Hi,

I'm running mojoPortal on IIS6 with MSSQL and the latest build.

I have a page which is visible to all users, but on this page I have an HTML component which is restricted to certain role members. When searching the site as anonymous, the content of the HTML component is returned in the search index, even though the anonymous user is not in the restricted role. For example, the HTML component is restricted to the group MyUsers. The anonymous user can see the contents even though they do not have this role.

Looking at the code, it seems that during the return of search results the module is filtered out if the current user does not belong to the Lucene field ViewRole. However, this role is inherited from the page, not the actual component module, and in this case the page is open to All Users. There also needs to be an exclusion for if the user does not belong to the Lucene field ModuleRole in the loop, I think; this would reject the user if they did not have the correct ModuleRole.

I hope I have explained the problem ok.

Thanks for the hard work,

Tony
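
The page-level versus module-level check described in the post above, as an added C# example that is not part of the thread and is not mojoPortal's own code. `SearchHit` and `SearchRoleFilter` are hypothetical names; the example assumes roles are stored as a semicolon-separated list, that "All Users" admits everyone, and that an empty role list admits no one.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical stand-in for one indexed search hit. ViewRole is the page-level
// role list and ModuleRole the module-level one, as named in the post.
public sealed record SearchHit(string Title, string ViewRole, string ModuleRole);

public static class SearchRoleFilter
{
    // Assumption: roles are stored as a semicolon-separated list, e.g. "Admins;MyUsers".
    private static HashSet<string> Parse(string roles) =>
        new HashSet<string>(
            (roles ?? "").Split(';', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries),
            StringComparer.OrdinalIgnoreCase);

    // Assumption: "All Users" admits everyone. An empty or missing list matches
    // nothing, so a hit with no recorded roles is hidden rather than shown.
    private static bool Allows(string roles, ISet<string> userRoles)
    {
        var allowed = Parse(roles);
        return allowed.Contains("All Users") || allowed.Overlaps(userRoles);
    }

    // Page-level check only: a restricted module on an open page passes.
    public static bool PageOnly(SearchHit hit, ISet<string> userRoles) =>
        Allows(hit.ViewRole, userRoles);

    // Page-level AND module-level check: the user must satisfy both lists.
    public static bool PageAndModule(SearchHit hit, ISet<string> userRoles) =>
        Allows(hit.ViewRole, userRoles) && Allows(hit.ModuleRole, userRoles);
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample: open page, module restricted to MyUsers.
        var hit = new SearchHit("Members-only HTML block", "All Users", "MyUsers");
        var anonymous = new HashSet<string>();            // no roles
        var member = new HashSet<string> { "MyUsers" };

        Console.WriteLine($"anonymous, page only:       {SearchRoleFilter.PageOnly(hit, anonymous)}");
        Console.WriteLine($"anonymous, page and module: {SearchRoleFilter.PageAndModule(hit, anonymous)}");
        Console.WriteLine($"member, page and module:    {SearchRoleFilter.PageAndModule(hit, member)}");
    }
}
```

Filtering at query time only hides hits from the results list; the restricted text is still stored in the index, so access to the index files needs to be limited as well.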

9/23/2009 8:01:28 AM
Total Posts 18439

Re: Search results not correctly screened on the basis of role for role restricted modules

Hi,

I am not able to produce this problem on my local machine nor on demo.mojoportal.com.

Please make sure you have these settings in your user.config file:

<add key="SearchUseBackwardCompatibilityMode" value="false" />

<add key="DisableSearchFeatureFilters" value="false" />

<add key="EnableSearchResultsHighlighting" value="true" />

If not then add them, then touch your Web.config to recycle the app, then rebuild the search index.

Hope it helps,

Joe
