Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 334946

Summary: [search] Search can show results user isn't authorized to see
Product: [ECD] Orion Reporter: John Arthorne <john.arthorne>
Component: ClientAssignee: John Arthorne <john.arthorne>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: P3    
Version: 0.2   
Target Milestone: 0.2   
Hardware: PC   
OS: Windows 7   
Whiteboard:

Description John Arthorne CLA 2011-01-20 15:47:13 EST 
There is no authorization check performed on search, so users can see search results for files they wouldn't otherwise be able to see.
Comment 1 John Arthorne CLA 2011-01-21 13:22:51 EST 
Fixed by doing the following:

 - Added UserName field to search index
 - Each user with rights to the project is added to that field
 - Augment search query with user name