334946 – [search] Search can show results user isn't authorized to see

Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 334946 - [search] Search can show results user isn't authorized to see

Summary: [search] Search can show results user isn't authorized to see

Status:	RESOLVED FIXED

Alias:	None

Product:	Orion
Classification:	ECD
Component:	Client (show other bugs)
Version:	0.2
Hardware:	PC Windows 7

Importance:	P3 normal (vote)
Target Milestone:	0.2
Assignee:	John Arthorne
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2011-01-20 15:47 EST by John Arthorne
Modified:	2011-09-01 11:42 EDT (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Arthorne

2011-01-20 15:47:13 EST

There is no authorization check performed on search, so users can see search results for files they wouldn't otherwise be able to see.

Comment 1 John Arthorne

2011-01-21 13:22:51 EST

Fixed by doing the following:

 - Added UserName field to search index
 - Each user with rights to the project is added to that field
 - Augment search query with user name