Try our conversational search powered by Generative AI!

Accesslevel bug in SearchDataSource


This could be a bug, or I'm doing something wrong.

When using SearchDataSource for a pure criteria based search makes it ignore its AccessLevel property. Try by adding some criteria and searching without SearchQuery and make sure you get some results as an unauthenticated user. Then set for example AccessLevel="Administer" in markup if that should yield different results. Try the search and see that nothing changed.

I looked at the code in Reflector and it seems to be because when SearchDataSource does not have a SearchQuery it executes FindPagesWithCriteria and then returns. It does not filter the pages for access. However this seems to work OK in most instances because FindPagesWithCriteria seems to match the access rights even though it shouldn't? In any case the AccessLevel property is ignored in this case, because it is handled by the filter which is only executed when SearchQuery is set.

IMHO the pure-criteria search should be handled the same way as the pure query or query/criteria combination, when filtering for access that is. Get all pages ignoring access rights with FindPagesWithCriteria (should ignore access rights, but sometimes doesn't, so might use FindAllPagesWithCritiera?), and then execute the access filter locally.

Oct 02, 2009 11:08
My bad, I was looking at an old version. In 5.2.375.236 the filters are executed in property based search as well. But there's something that's not completely right since I can produce the results described?
Oct 02, 2009 11:15

How to solve the problem? I need to get all pages without considering the asccess rights using the SearchDataSource.  The AssessLevel seems doing nothing for the search result when AccessLevel="Undefined".



Apr 21, 2010 17:39
This thread is locked and should be used for reference only. Please use the Episerver CMS 7 and earlier versions forum to open new discussions.
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.