MNT-24270 Disable Faceting when we have unknown nodes in the search results #2504
Conversation
…e faceting, pivots and stats as the hit counts would be incorrect
…own nodes in the total items. Added test
…into fix/MNT-24270_disableFacetingOnUnkownNodesInSearchResults
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
...src/main/resources/alfresco/templates/webscripts/org/alfresco/slingshot/search/search.lib.js
Fixed
Show fixed
Hide fixed
...src/main/resources/alfresco/templates/webscripts/org/alfresco/slingshot/search/search.lib.js
Fixed
Show fixed
Hide fixed
...src/main/resources/alfresco/templates/webscripts/org/alfresco/slingshot/search/search.lib.js
Fixed
Show fixed
Hide fixed
...src/main/resources/alfresco/templates/webscripts/org/alfresco/slingshot/search/search.lib.js
Fixed
Show fixed
Hide fixed
...src/main/resources/alfresco/templates/webscripts/org/alfresco/slingshot/search/search.lib.js
Fixed
Show fixed
Hide fixed
...src/main/resources/alfresco/templates/webscripts/org/alfresco/slingshot/search/search.lib.js
Fixed
Show fixed
Hide fixed
remote-api/src/main/java/org/alfresco/rest/api/search/impl/ResultMapper.java
Fixed
Show fixed
Hide fixed
remote-api/src/main/java/org/alfresco/rest/api/search/impl/ResultMapper.java
Fixed
Show fixed
Hide fixed
remote-api/src/main/java/org/alfresco/rest/api/search/impl/ResultMapper.java
Fixed
Show fixed
Hide fixed
remote-api/src/main/java/org/alfresco/rest/api/search/impl/ResultMapper.java
Fixed
Show fixed
Hide fixed
remote-api/src/main/java/org/alfresco/rest/api/search/impl/ResultMapper.java
Fixed
Show fixed
Hide fixed
This sounds concerning. Isn't it better to return slightly wrong results than no results? |
|
@jottley was who discussed the issue with the customer and the incorrect facet results were confusing the users much more. IMO from a security perspective, by showing the possibly real result count (when we have permissions disabled on SOLR for example) we are disclosing that we have X number of documents with that term (and because its facets we are actually exposing dates, creators, modifiers, etc as we show the hits on each ) despite the user only having access to a subset of those. Its safer to not return that info than leak that we have a document that matches your search but you don't have permissions to see it. |
|
@tpage-alfresco Like Eva indicated, the customer is having issues with the fact that a single document could be returned and they are seeing facets/counts from across the repo indicating the total documents are much higher. They also don't like seeing facets that don't even apply to the result set. For example a single document returned but a facet count of 4 but nothing returned when the navigate to the facet. We discussed with them a customization/configuration to remove the facets from being seen but they still want/rely on the facets. This appears to be an acceptable approach. |
|
As the related JIRA has been closed and the decision to no go forward with this approach, I am going to close this PR |
Unknown nodes can appear in the search results if the nodes where deleted or permissions changed while the index is not yet up to date or if we disabled permission checks on the search engine.
In this case the total items will not match the number of entries that are returned and the facet hits will be wrong. Changes made were: