Restricted access to getTargetAssocsByPropertyValue

cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Member II

Restricted access to getTargetAssocsByPropertyValue

Hi,

Using the capitalised NodeService bean, nodeService.getTargetAssocsByPropertyValue can only be run by the system user. This is due to the bean id="NodeService_security" in alfresco-repository/src/main/resources/alfresco/public-services-security-context.xml , in which there is no entry for this method so it defaults to ACL_DENY, preventing access.

Considering that similar methods (e.g. getChildAssocsByPropertyValue) have entries, it seems as though this might be a mistake/bug, unless there is some specific reason that this method should not be used?

Does anyone know anything about this?

Thanks,
Sam Cheshire

1 Reply
Master

Re: Restricted access to getTargetAssocsByPropertyValue

This is most definitely a bug / massive oversight in development + testing by Alfresco. It is unfortunately not that uncommon, as I have had to report various methods with missing security configurations myself in the past.