Details
-
Bug
-
Resolution: Fixed
-
High
-
5.1, 5.2, 5.3-dev
-
None
Description
If a user has no content/read access at all, the created SOLR search filters will cause incorrect results to be returned (IE: all content)
In this case, ezpublish's default search does check all the nodes again so it does not display them, but the result count, facets, pagination are all incorrect.
If using a custom function, however (for example, through symfony), this "post-filtering" may not occur and invalid results could end up being displayed - eZFInd/SOLR should not return invalid results in the first place.
Steps to reproduce:
- remove all content/read permissions from a user role (for example, anonymous)
- As anonymous, perform a search
- Note that the default content/search relies on the 'content/read' permission, so a custom module/bundle should be used.
Result:
- On the standard ezpublish view, no results are displayed but it is clearly visible (see attached screenshot) that:
- The number of results is incorrect (should be none, not ALL content)
- The filters/facets are displayed
- The pagination is created
Other Notes:
$searchResult = eZSearch::search( $http->variable( 'SearchText' , '' ), array( "SearchLimit" => 10, ) );