Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Martin Blackwell 13 posts 71 karma points c-trib
    Jul 07, 2015 @ 07:47
    Martin Blackwell
    0

    Admin searchbox not obying user permissions

    Hi Everyone,

    I have had a bug raised by a client saying that when they are using the search box in the top right hand corner, they are getting results back from other clients sites.

    Just a bit of background, we are running multiple sites out of the same instance of Umbraco and are using the the admin user permissions to control which sites are visible for each user (removing the browse permission against the root nodes of sites they should not see).

    I have had a look around and cannot see any information relating to this, so my current plan is to capture the request going to the "SeachAll" endpoint which a SendAsync override and filtering the response based on the permissions of the current authenticated user.

    Many thanks for everyone's help,

    Martin.

  • Steve Morgan 1022 posts 3186 karma points c-trib
    Jul 07, 2015 @ 08:23
    Steve Morgan
    0

    Do you mean the search from within the back office or from end searches from within their site?

    Do you have ezSearch installed on the site?

  • Martin Blackwell 13 posts 71 karma points c-trib
    Jul 07, 2015 @ 08:24
    Martin Blackwell
    0

    Hi Steve,

    Its the back office search, and no ezSearch is not installed.

    Many thanks,

    Martin

  • Martin Blackwell 13 posts 71 karma points c-trib
    Jul 07, 2015 @ 08:41
    Martin Blackwell
    0

    Hi Everyone,

    Solved it, having reviewed how the permissions had been setup by another developers, they had only disabled "browse" on the root node of the other sites.

    Why this is fine for the content tree in the admin, the search results will match results for any descendant nodes.

    Having now changed the permissions to remove browse on all nodes the search is working as required.

    Many thanks, Martin.

Please Sign in or register to post replies

Write your reply to:

Draft