Uploaded image for project: 'Service Packs and Hot Fixes'
  1. Service Packs and Hot Fixes
  2. MNT-20764

Searches fail for users who are members of groups where the authorityName contains double quotes

    Details

    • Bug Priority:
      Category 3
    • ACT Numbers:

      00992227

    • Premier Customer:
      Yes
    • Sprint:
      Team 3 - Sprint 2, Team 3 - Sprint 3, Team 3 - Sprint 4, Team 3 - Sprint 5, Team 3 - Spint 6, Team 3 - Sprint 7
    • Work Funnel End:
      2020-05
    • Story Points:
      8
    • Delivery Team:
      Team 3

      Description

      The ACS REST API and also the AuthorityService allows for the creation of groups where the group id (authorityName) can contain double quotes. When a user is assigned to groups where the authorityName contains double quotes all searches performed against the Search Services by that user fail.

      Environment:
      ACS 6.1
      Search Services 1.3.0

      Actions Performed:
      Created a group using the Public REST API for the creation of where the id contains a double quote
      “…/alfresco/versions/1/groups”

      { "id": "mytest\"group", "displayName": "mytestgroup", "isRoot": true }

      Assigned a user (testyone) as member of ‘mytest"group’

      Executed the following search as the testyone user
      “../search/versions/1/search”
      {
      "query":

      { "query": "Alfresco*" }

      }

      Expected Result:
      The search returns the expected results

      Actual Result:
      An error is returned
      error":

      { "errorKey": "framework.exception.ApiDefault", "statusCode": 500, "briefSummary": "06100056 Request failed 500 /solr/alfresco/afts?wt=json&fl=DBID%2Cscore&rows=100&df=TEXT&start=0&locale=en_US&alternativeDic=DEFAULT_DICTIONARY&fq=%7B%21afts%7DAUTHORITY_FILTER_FROM_JSON&fq=%7B%21afts%7DTENANT_FILTER_FROM_JSON", "stackTrace": "For security reasons the stack trace is no longer displayed, but the property is kept for previous versions", "descriptionURL": "https://api-explorer.alfresco.com", "logId": "368d1597-a7b0-4cc1-9e6d-4ba3d1ece24c" }

      Notes:
      When the testyone user logs into Share a blank page is displayed
      When the testyone user logs into the Digital Workspace searches fail
      The following error looks to be generated in the solr.log when executing queries by the testyone user:
      2019-07-10 13:55:59.192 ERROR (qtp915349526-19) [ x:alfresco] o.a.s.h.RequestHandlerBase org.alfresco.service.namespace.NamespaceException: Namespace prefix group is not mapped to a namespace URI
      at org.alfresco.service.namespace.QName.createQName(QName.java:109)
      at org.alfresco.service.namespace.QName.createQName(QName.java:131)
      at org.alfresco.repo.search.impl.parsers.AlfrescoFunctionEvaluationContext.getLuceneFieldName(AlfrescoFunctionEvaluationContext.java:346)
      at org.alfresco.solr.AlfrescoSolr4FunctionEvaluationContext.getLuceneFieldName(AlfrescoSolr4FunctionEvaluationContext.java:59)
      at org.alfresco.repo.search.impl.querymodel.impl.lucene.functions.LuceneFTSTerm.addComponent(LuceneFTSTerm.java:75)
      at org.alfresco.repo.search.impl.querymodel.impl.lucene.LuceneFunctionalConstraint.addComponent(LuceneFunctionalConstraint.java:63)
      at org.alfresco.repo.search.impl.querymodel.impl.lucene.LuceneDisjunction.addComponent(LuceneDisjunction.java:71)
      at org.alfresco.repo.search.impl.querymodel.impl.lucene.LuceneConjunction.addComponent(LuceneConjunction.java:71)
      ...
      at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148)
      at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136)
      at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671)
      at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589)
      at java.base/java.lang.Thread.run(Thread.java:834)

        Attachments

          Issue Links

            Structure

              Activity

                People

                • Assignee:
                  closedbugs Closed Bugs (Inactive)
                  Reporter:
                  mchillman Michael Chillman
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  5 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    Structure Helper Panel