Search on all the documents (even on those where the user don't have permissions)
Is it possible to do a search where the permissions is not considered? So the user can see the results (title and author) but not read the actual file if he/she doesn't have the read permission.
if not, is it possible to create a gadget that uses another credentials?
 |
Paco Zarate
Member (87) 1 1 1 |
03/14/2013 ( History) |
0 votes
1 answers
1600 views
This can cause a lot of problem for you security but if you want to do it, you can use an unrestrictedsessionrunner like this :
@Operation(id = Bla.ID, category = Constants.CAT_SERVICES, label = "Bla.getTitleUnrestricted", description = "")
public class Bla {
public static final String ID = "Bla.getTitlesUnRestricted";
@Param(name = "query", required = true)
protected String query;
@Context
CoreSession session;
public class DocumentDescription {
private DocumentModel doc;
public DocumentDescription(DocumentModel doc) {
this.doc = doc;
}
public String getTitle() throws ClientException {
return (String) doc.getPropertyValue("dc:title");
}
public String getDescription() throws ClientException {
return (String) doc.getPropertyValue("dc:description");
}
}
@OperationMethod
public Blob run() throws Exception {
final List<DocumentDescription> results = new ArrayList<DocumentDescription>();
UnrestrictedSessionRunner runner = new UnrestrictedSessionRunner(
session) {
@Override
public void run() throws ClientException {
DocumentModelList docs = session.query(query);
for (DocumentModel doc : docs) {
results.add(new DocumentDescription(doc));
}
}
};
runner.runUnrestricted();
ObjectMapper mapper = new ObjectMapper();
StringWriter writer = new StringWriter();
mapper.writeValue(writer, results);
return new InputStreamBlob(new ByteArrayInputStream(
writer.toString().getBytes("UTF-8")), "application/json");
}
}
 |
Damien Metzler
Member (1.9K) 1 3 4 |
03/14/2013 ( History) |