invenio
invenio copied to clipboard
inveniosoftware
Maint-1.2: Guestuser can not search in public collection when the records are also in restricted collections
Hallo,
we have on our test system with Maint-1.2 Invenio the following behaviour:
From 1.1 to 1.2 we lose the possibility, that unauthorized user (guest) can search in any public collections. In Invenio 1.1 the guest got the full result, e.g. 32000 records in the simple search. Now with 1.2 the result is Zero, only the authorities are searchable. I see in invenio.conf, the CFG_WEBSEARCH_VIEWRESTRCOLL_POLICY = ANY is not more ALL like in 1.1, but in our local conf in both versions was CFG_WEBSEARCH_VIEWRESTRCOLL_POLICY always ANY. In the moment, I have no ideas more.
Additionally, all records have the red "Restricted" flag on the left side now!
A simple example: We have the two collections:
61016 UNRESTRICTED collection:"UNRESTRICTED" No Yes No en, 3:Restricted 61056 FullTexts collection:"FullTexts" and collection:"UNRESTRICTED" No No No en, OK
UNRESTRICTED is a restricted collection and FullTexts not, this should be public.
One record has both 980__a:UNRESTRICTED and 980__a:FullTexts
In Maint-1.1, the record is public for all users and searchable because of the minimum one public collection. In Maint-1.2, the record is public but has the Restricted flag and is not searchable.
The CFG_WEBSEARCH_VIEWRESTRCOLL_POLICY = ANY is in both cases equal because of our invenio-local.conf.
This should be related to #1315
@tiborsimko @aw-bib
Appendix:
In the search_engine.py, function check_user_can_view_record, the if statements are different to main-1.1. This was my first idea to check the differences, but I'm not the expert.
