Help

Restricted access to getTargetAssocsByPropertyValue

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
scrasun
Member II
‎25 Sep 2019 1:08 PM

Restricted access to getTargetAssocsByPropertyValue

Hi,

Using the capitalised NodeService bean, nodeService.getTargetAssocsByPropertyValue can only be run by the system user. This is due to the bean id="NodeService_security" in alfresco-repository/src/main/resources/alfresco/public-services-security-context.xml , in which there is no entry for this method so it defaults to ACL_DENY, preventing access.

Considering that similar methods (e.g. getChildAssocsByPropertyValue) have entries, it seems as though this might be a mistake/bug, unless there is some specific reason that this method should not be used?

Does anyone know anything about this?

Thanks,
Sam Cheshire

0 Kudos
Reply
1 Reply
afaust
Master
‎25 Sep 2019 3:13 PM

Re: Restricted access to getTargetAssocsByPropertyValue

This is most definitely a bug / massive oversight in development + testing by Alfresco. It is unfortunately not that uncommon, as I have had to report various methods with missing security configurations myself in the past.

0 Kudos
Reply
Alfresco Content Services Forum

Ask for and offer help to other Alfresco Content Services Users and members of the Alfresco team.

Related links:

We use cookies on this site to enhance your user experience

By using this site, you are agreeing to allow us to collect and use cookies as outlined in Alfresco’s Cookie Statement and Terms of Use (and you have a legitimate interest in Alfresco and our products, authorizing us to contact you in such methods).   If you are not ok with these terms, please do not use this website.