Index: jspwiki-war/src/main/java/org/apache/wiki/plugin/Search.java =================================================================== --- jspwiki-war/src/main/java/org/apache/wiki/plugin/Search.java (revision 1655262) +++ jspwiki-war/src/main/java/org/apache/wiki/plugin/Search.java (working copy) @@ -115,7 +115,7 @@ log.debug("Searching for string "+query); @SuppressWarnings("unchecked") - Collection list = context.getEngine().findPages( query ); + Collection list = context.getEngine().findPages( query, context ); return list; } Index: jspwiki-war/src/main/java/org/apache/wiki/search/BasicSearchProvider.java =================================================================== --- jspwiki-war/src/main/java/org/apache/wiki/search/BasicSearchProvider.java (revision 1655262) +++ jspwiki-war/src/main/java/org/apache/wiki/search/BasicSearchProvider.java (working copy) @@ -26,11 +26,14 @@ import java.util.TreeSet; import org.apache.log4j.Logger; +import org.apache.wiki.WikiContext; import org.apache.wiki.WikiEngine; import org.apache.wiki.WikiPage; import org.apache.wiki.api.exceptions.NoRequiredPropertyException; import org.apache.wiki.api.exceptions.ProviderException; import org.apache.wiki.attachment.Attachment; +import org.apache.wiki.auth.AuthorizationManager; +import org.apache.wiki.auth.permissions.PagePermission; import org.apache.wiki.providers.WikiPageProvider; /** @@ -144,7 +147,7 @@ return ""; } - private Collection findPages( QueryItem[] query ) + private Collection findPages( QueryItem[] query, WikiContext wikiContext ) { TreeSet res = new TreeSet( new SearchResultComparator() ); SearchMatcher matcher = new SearchMatcher( m_engine, query ); @@ -160,6 +163,8 @@ return null; } + AuthorizationManager mgr = m_engine.getAuthorizationManager(); + Iterator it = allPages.iterator(); while( it.hasNext() ) { @@ -168,6 +173,8 @@ WikiPage page = (WikiPage) it.next(); if (page != null) { + PagePermission pp = new PagePermission( page, PagePermission.VIEW_ACTION ); + if( mgr.checkPermission( wikiContext.getWikiSession(), pp ) ) { String pageName = page.getName(); String pageContent = m_engine.getPageManager().getPageText(pageName, WikiPageProvider.LATEST_VERSION) + attachmentNames(page, " "); @@ -179,6 +186,7 @@ } } } + } catch( ProviderException pe ) { log.error( "Unable to retrieve page from cache", pe ); @@ -195,9 +203,9 @@ /** * {@inheritDoc} */ - public Collection findPages(String query) + public Collection findPages(String query, WikiContext wikiContext) { - return findPages(parseQuery(query)); + return findPages(parseQuery(query), wikiContext); } /** Index: jspwiki-war/src/main/java/org/apache/wiki/search/LuceneSearchProvider.java =================================================================== --- jspwiki-war/src/main/java/org/apache/wiki/search/LuceneSearchProvider.java (revision 1655262) +++ jspwiki-war/src/main/java/org/apache/wiki/search/LuceneSearchProvider.java (working copy) @@ -67,6 +67,7 @@ import org.apache.wiki.InternalWikiException; import org.apache.wiki.WatchDog; import org.apache.wiki.WikiBackgroundThread; +import org.apache.wiki.WikiContext; import org.apache.wiki.WikiEngine; import org.apache.wiki.WikiPage; import org.apache.wiki.WikiProvider; @@ -74,6 +75,8 @@ import org.apache.wiki.api.exceptions.ProviderException; import org.apache.wiki.attachment.Attachment; import org.apache.wiki.attachment.AttachmentManager; +import org.apache.wiki.auth.AuthorizationManager; +import org.apache.wiki.auth.permissions.PagePermission; import org.apache.wiki.parser.MarkupParser; import org.apache.wiki.providers.WikiPageProvider; import org.apache.wiki.util.ClassUtil; @@ -590,10 +593,10 @@ /** * {@inheritDoc} */ - public Collection findPages( String query ) + public Collection findPages( String query, WikiContext wikiContext ) throws ProviderException { - return findPages( query, FLAG_CONTEXTS ); + return findPages( query, FLAG_CONTEXTS, wikiContext ); } /** @@ -610,7 +613,7 @@ * @return A Collection of SearchResult instances * @throws ProviderException if there is a problem with the backend */ - public Collection findPages( String query, int flags ) + public Collection findPages( String query, int flags, WikiContext wikiContext ) throws ProviderException { IndexSearcher searcher = null; @@ -647,6 +650,8 @@ ScoreDoc[] hits = searcher.search(luceneQuery, MAX_SEARCH_HITS).scoreDocs; + AuthorizationManager mgr = m_engine.getAuthorizationManager(); + list = new ArrayList(hits.length); for ( int curr = 0; curr < hits.length; curr++ ) { @@ -663,6 +668,9 @@ // When the search-results are cleaned up this can be enabled again. } + PagePermission pp = new PagePermission( page, PagePermission.VIEW_ACTION ); + if( mgr.checkPermission( wikiContext.getWikiSession(), pp ) ) { + int score = (int)(hits[curr].score * 100); @@ -681,6 +689,7 @@ SearchResult result = new SearchResultImpl( page, score, fragments ); list.add(result); } + } else { log.error("Lucene found a result page '" + pageName + "' that could not be loaded, removing from Lucene cache"); Index: jspwiki-war/src/main/java/org/apache/wiki/search/SearchManager.java =================================================================== --- jspwiki-war/src/main/java/org/apache/wiki/search/SearchManager.java (revision 1655262) +++ jspwiki-war/src/main/java/org/apache/wiki/search/SearchManager.java (working copy) @@ -27,6 +27,8 @@ import java.util.Properties; import java.util.Set; +import javax.servlet.http.HttpServletRequest; + import org.apache.commons.lang.time.StopWatch; import org.apache.log4j.Logger; import org.apache.wiki.WikiContext; @@ -153,9 +155,10 @@ * * @param searchString The query string * @param maxLength How many hits to return + * @param request the request on which this search is being called on * @return the pages found */ - public List findPages( String searchString, int maxLength ) + public List findPages( String searchString, int maxLength, WikiContext wikiContext ) { StopWatch sw = new StopWatch(); sw.start(); @@ -166,12 +169,13 @@ { try { + // WikiContext wikiContext = m_engine.createContext( request, WikiContext.FIND ); Collection c; if( m_searchProvider instanceof LuceneSearchProvider ) - c = ((LuceneSearchProvider)m_searchProvider).findPages( searchString, 0 ); + c = ((LuceneSearchProvider)m_searchProvider).findPages( searchString, 0, wikiContext ); else - c = m_searchProvider.findPages( searchString ); + c = m_searchProvider.findPages( searchString, wikiContext ); int count = 0; for( Iterator i = c.iterator(); i.hasNext() && count < maxLength; count++ ) @@ -293,15 +297,16 @@ * the query engine wants to use. * * @param query The query. Null is safe, and is interpreted as an empty query. + * @param wikiContext the context within which to run the search * @return A collection of WikiPages that matched. * @throws ProviderException If the provider fails and a search cannot be completed. * @throws IOException If something else goes wrong. */ - public Collection findPages( String query ) + public Collection findPages( String query, WikiContext wikiContext ) throws ProviderException, IOException { if( query == null ) query = ""; - Collection c = m_searchProvider.findPages( query ); + Collection c = m_searchProvider.findPages( query, wikiContext ); return c; } Index: jspwiki-war/src/main/java/org/apache/wiki/search/SearchProvider.java =================================================================== --- jspwiki-war/src/main/java/org/apache/wiki/search/SearchProvider.java (revision 1655262) +++ jspwiki-war/src/main/java/org/apache/wiki/search/SearchProvider.java (working copy) @@ -21,6 +21,7 @@ import java.io.IOException; import java.util.Collection; +import org.apache.wiki.WikiContext; import org.apache.wiki.WikiPage; import org.apache.wiki.WikiProvider; import org.apache.wiki.api.exceptions.ProviderException; @@ -50,9 +51,10 @@ /** * Search for pages matching a search query * @param query query to search for + * @param wikiContext the context within which to run the search * @return collection of pages that match query * @throws ProviderException if the search provider failed. * @throws IOException if for some reason the query could not be executed. */ - Collection findPages(String query) throws ProviderException, IOException; + Collection findPages(String query, WikiContext wikiContext) throws ProviderException, IOException; } Index: jspwiki-war/src/main/java/org/apache/wiki/WikiEngine.java =================================================================== --- jspwiki-war/src/main/java/org/apache/wiki/WikiEngine.java (revision 1655262) +++ jspwiki-war/src/main/java/org/apache/wiki/WikiEngine.java (working copy) @@ -1844,6 +1844,7 @@ * a language of its own. * * @param query The query string + * @param wikiContext the context within which to run the search * @return A Collection of SearchResult objects. * @throws ProviderException If the searching failed * @throws IOException If the searching failed @@ -1852,10 +1853,10 @@ // // FIXME: Should also have attributes attached. // - public Collection findPages( String query ) + public Collection findPages( String query, WikiContext wikiContext ) throws ProviderException, IOException { - Collection results = m_searchManager.findPages( query ); + Collection results = m_searchManager.findPages( query, wikiContext ); return results; } Index: jspwiki-war/src/main/webapp/Search.jsp =================================================================== --- jspwiki-war/src/main/webapp/Search.jsp (revision 1655262) +++ jspwiki-war/src/main/webapp/Search.jsp (working copy) @@ -50,35 +50,10 @@ try { - list = wiki.findPages( query ); + list = wiki.findPages( query, wikiContext ); - // - // Filter down to only those that we actually have a permission to view - // - AuthorizationManager mgr = wiki.getAuthorizationManager(); - - ArrayList filteredList = new ArrayList(); - - for( Iterator i = list.iterator(); i.hasNext(); ) - { - SearchResult r = (SearchResult)i.next(); - - WikiPage p = r.getPage(); - - PagePermission pp = new PagePermission( p, PagePermission.VIEW_ACTION ); - - try - { - if( mgr.checkPermission( wikiContext.getWikiSession(), pp ) ) - { - filteredList.add( r ); - } - } - catch( Exception e ) { log.error( "Searching for page "+p, e ); } - } - pageContext.setAttribute( "searchresults", - filteredList, + list, PageContext.REQUEST_SCOPE ); } catch( Exception e ) Index: jspwiki-war/src/main/webapp/templates/default/AJAXSearch.jsp =================================================================== --- jspwiki-war/src/main/webapp/templates/default/AJAXSearch.jsp (revision 1655262) +++ jspwiki-war/src/main/webapp/templates/default/AJAXSearch.jsp (working copy) @@ -56,7 +56,7 @@ { try { - Collection list = wiki.findPages( query ); + Collection list = wiki.findPages( query, wikiContext ); // Filter down to only those that we actually have a permission to view AuthorizationManager mgr = wiki.getAuthorizationManager(); Index: jspwiki-war/src/test/java/org/apache/wiki/search/SearchManagerTest.java =================================================================== --- jspwiki-war/src/test/java/org/apache/wiki/search/SearchManagerTest.java (revision 1655262) +++ jspwiki-war/src/test/java/org/apache/wiki/search/SearchManagerTest.java (working copy) @@ -74,8 +74,11 @@ } else { break; } - res = m_mgr.findPages( text ); + MockHttpServletRequest request = m_engine.newHttpRequest(); + WikiContext ctx = m_engine.createContext( request, WikiContext.EDIT ); + res = m_mgr.findPages( text, ctx ); + // debugSearchResults( res ); } return res; @@ -139,12 +142,12 @@ Thread.yield(); Collection res = waitForIndex( "Babylon" , "testSimpleSearch3" ); // wait until 2nd m_engine.saveText() takes effect - res = m_mgr.findPages( "mankind" ); // check for text present in 1st m_engine.saveText() but not in 2nd + res = m_mgr.findPages( "mankind", ctx ); // check for text present in 1st m_engine.saveText() but not in 2nd assertNotNull( "found results", res ); assertEquals( "empty results", 0, res.size() ); - res = m_mgr.findPages( "Babylon" ); + res = m_mgr.findPages( "Babylon", ctx ); assertNotNull( "null result", res ); assertEquals( "no pages", 1, res.size() ); @@ -152,6 +155,31 @@ m_engine.deleteTestPage("TestPage"); } + public void testSimpleSearch4() throws Exception { + String txt = "It was the dawn of the third age of mankind, ten years after the Earth-Minbari War."; + + MockHttpServletRequest request = m_engine.newHttpRequest(); + request.getParameterMap().put( "page", new String[]{ "TestPage" } ); + + WikiContext ctx = m_engine.createContext( request, WikiContext.EDIT ); + + m_engine.saveText( ctx, txt ); + + Thread.yield(); + Collection res = waitForIndex( "mankind" , "testSimpleSearch4" ); + + assertNotNull( "found results", res ); + assertEquals( "result not found", 1, res.size() ); + + m_engine.saveText( ctx, "[{ALLOW view Authenticated}] It was the dawn of the third age of mankind... page is blocked" ); + + res = m_mgr.findPages( "mankind" , ctx ); + assertNotNull( "null result", res ); + assertEquals( "result found, should be blocked", 0, res.size() ); + + m_engine.deleteTestPage("TestPage"); + } + public void testTitleSearch() throws Exception { String txt = "Nonsensical content that should not match";