2 Replies Latest reply on Oct 25, 2007 1:04 AM by Mo Pour

    Error in Hibernate Filter With Multiple Entities

    Mo Pour Newbie

      Hi
      We have followed the wiki hibernate search and filter examples, everyting works fine when querying a single entity, however the filter returns all records when multiple entities are passed to createFullTextQuery method.

      public org.hibernate.search.jpa.FullTextQuery exeuteSearch(EntityManager entityManager,
      String[] fields,String searchString,Class... entityTypes) {
       org.hibernate.search.jpa.FullTextQuery query=null;
       if(stringBridge==null){
       stringBridge = new PaddedIntegerBridge();
       }
       try{
      
       BooleanQuery mainQuery = new BooleanQuery();
      
       BooleanQuery entityQuery = new BooleanQuery();
       QueryParser parser = new MultiFieldQueryParser(fields,analyser, null);
       parser.setAllowLeadingWildcard(true);
       org.apache.lucene.search.Query contentSearch = parser.parse(searchString);
       entityQuery.add(contentSearch, BooleanClause.Occur.MUST);
      
       Integer currentAccessLevel = (Integer)Component.getInstance("currentAccessLevel");
       System.out.println("currentAccessLevel Filter " + currentAccessLevel);
       org.apache.lucene.search.Query accessLimitQuery =
       new ConstantScoreRangeQuery(SearchUtility.READ_ACCESS_LEVEL, null, stringBridge.objectToString(currentAccessLevel), true, true);
      
       org.apache.lucene.search.Filter accessFilter = new QueryFilter(accessLimitQuery);
       org.apache.lucene.search.FilteredQuery accessFilterQuery = new org.apache.lucene.search.FilteredQuery(entityQuery, accessFilter);
       mainQuery.add(accessFilterQuery, BooleanClause.Occur.SHOULD);
      query=( (FullTextEntityManager)entityManager ).createFullTextQuery(mainQuery, entityTypes);
      
       }catch(Exception ex){
      
       }
       return query;
       }
      

      We are using
      JBoss 4.2.1 GA
      Seam 2.0 CR1

      This is very dangerous as the record are visible to all users regardless of their read access level.

      Cheers
      Mo

      [img][/img]

        • 1. Re: Error in Hibernate Filter With Multiple Entities
          Christian Bauer Master

          The code you pasted is not from the wiki. My guess is that this is your code? I don't see a problem with the wiki search engine, if it isReadAccessChecked(), the access will be restricted.

          In any case, you should look at CVS.

          • 2. Re: Error in Hibernate Filter With Multiple Entities
            Mo Pour Newbie

            Hi christian
            You are correct the code above is not exactly the code from wiki, but on the similar implementation. We think we have found the source of the problem.

            If the FilterredQueries are Not implemented correctly and I pass multiple entities to createFullTextQuery, my entitymanager will return everyting regardless of access level.

            If the FilterredQueries are Not implemented correctly and I pass signle entities to createFullTextQuery, FullTextQuery will return results, but the entitymanager will apply the access level filtering.

            We found that our FilteredQuery is not working so we replaced it with TermQuery, However we like to know as to why the above senario has happend, my guess is that If FullTextQuery returns records of different entities, the entitymanager is unable to filter them.

            cheers
            Mo