Search on all the documents (even on those where the user don't have permissions)

Is it possible to do a search where the permissions is not considered? So the user can see the results (title and author) but not read the actual file if he/she doesn't have the read permission.

if not, is it possible to create a gadget that uses another credentials?

0 votes

1 answers

829 views

ANSWER



This can cause a lot of problem for you security but if you want to do it, you can use an unrestrictedsessionrunner like this :

@Operation(id = Bla.ID, category = Constants.CAT_SERVICES, label = "Bla.getTitleUnrestricted", description = "")
public class Bla {

public static final String ID = "Bla.getTitlesUnRestricted";

@Param(name = "query", required = true)
protected String query;

@Context
CoreSession session;

public class DocumentDescription {

    private DocumentModel doc;

    public DocumentDescription(DocumentModel doc) {
        this.doc = doc;
    }

    public String getTitle() throws ClientException {
        return (String) doc.getPropertyValue("dc:title");
    }

    public String getDescription() throws ClientException {
        return (String) doc.getPropertyValue("dc:description");
    }

}

@OperationMethod
public Blob run() throws Exception {
    final List<DocumentDescription> results = new ArrayList<DocumentDescription>();
    UnrestrictedSessionRunner runner = new UnrestrictedSessionRunner(
            session) {

        @Override
        public void run() throws ClientException {
            DocumentModelList docs = session.query(query);
            for (DocumentModel doc : docs) {
                results.add(new DocumentDescription(doc));
            }

        }
    };
    runner.runUnrestricted();

    ObjectMapper mapper = new ObjectMapper();
    StringWriter writer = new StringWriter();
    mapper.writeValue(writer, results);
    return new InputStreamBlob(new ByteArrayInputStream(
            writer.toString().getBytes("UTF-8")), "application/json");

}

}

0 votes