I have had a bug raised by a client saying that when they are using the search box in the top right hand corner, they are getting results back from other clients sites.
Just a bit of background, we are running multiple sites out of the same instance of Umbraco and are using the the admin user permissions to control which sites are visible for each user (removing the browse permission against the root nodes of sites they should not see).
I have had a look around and cannot see any information relating to this, so my current plan is to capture the request going to the "SeachAll" endpoint which a SendAsync override and filtering the response based on the permissions of the current authenticated user.
Solved it, having reviewed how the permissions had been setup by another developers, they had only disabled "browse" on the root node of the other sites.
Why this is fine for the content tree in the admin, the search results will match results for any descendant nodes.
Having now changed the permissions to remove browse on all nodes the search is working as required.
Admin searchbox not obying user permissions
Hi Everyone,
I have had a bug raised by a client saying that when they are using the search box in the top right hand corner, they are getting results back from other clients sites.
Just a bit of background, we are running multiple sites out of the same instance of Umbraco and are using the the admin user permissions to control which sites are visible for each user (removing the browse permission against the root nodes of sites they should not see).
I have had a look around and cannot see any information relating to this, so my current plan is to capture the request going to the "SeachAll" endpoint which a SendAsync override and filtering the response based on the permissions of the current authenticated user.
Many thanks for everyone's help,
Martin.
Do you mean the search from within the back office or from end searches from within their site?
Do you have ezSearch installed on the site?
Hi Steve,
Its the back office search, and no ezSearch is not installed.
Many thanks,
Martin
Hi Everyone,
Solved it, having reviewed how the permissions had been setup by another developers, they had only disabled "browse" on the root node of the other sites.
Why this is fine for the content tree in the admin, the search results will match results for any descendant nodes.
Having now changed the permissions to remove browse on all nodes the search is working as required.
Many thanks, Martin.
is working on a reply...