Today we faced a very weird problem involving Alfresco API REST search API. Alfesco version 6.2 Community on docker, alfresco search services 1.4.2 on docker.
We have an Alfresco type, and today we reached 1001 objects of this type. Since then, searches through the REST API began to give HTTP 403 errors. But there's more:
- Searches using an admin were working, no problems. I could set maxItems to any number, and no issues.
- Searches using a non-admin user were not working, UNLESS we set maxItems to 1, that was the number of items on which this user had visibility. Then, one result was returned, everything ok. Setting maxItems to 2, caused to return 403 error again.
- After deleting the user's object, and reaching 1000 objets again, everything was working ok. Until someone created another object of this type. Then, searching with the non-admin user was giving us 403 error, no matter what number maxItems was set to.
We solved the issue by setting de good old system.acl.maxPermissionChecks property to a bigger number, but for me this solution is not good, and furthermore, I don't undertand WHY setting this property to a bigger number made this work. We had used this property to be able to get more than 1000 results in a single search, but never faced a permission error when trying to retrieve a resultSet bigger than 1000. I have to say we had always used java search API, not Alfresco REST API.
I would appreciate if someone can explain why did this solution work, and if we can solve this issue in another way than that.