SOLVED

How can I restrict the content using query builder to a particular user for a given node

Level 9

In the Geometrixx site, I need to get the results for pages which only user X has access to.

The following query pulls all the records, but I need to restrict it to user X, who can access content at /content/geometrixx:

http://localhost:4502/bin/querybuilder.feed?orderby=%40jcr%3acontent%2fjcr%3acreated&orderby.index=t...

What are the parameters that need to be included in the URL?

1 Accepted Solution

Correct answer by
Level 10

When you use the QueryBuilder Java API from within an OSGi bundle - you have much finer control than with the REST API. For example -- you can control when the call is made and under what circumstances by developing correct application logic. You can see who the user is and if it's not the user that you want - then do not let the call proceed. In other words - write application logic to control this.

Information about the Query Builder RESTful API is here:

http://dev.day.com/docs/en/cq/current/dam/customizing_and_extendingcq5dam/query_builder.html

There are different examples -- including using Groups. 

3 Replies

Employee Advisor

By default the query builder servlet uses the session, which has been created with the permissions of the logged in user. So if you want to get results only a user X can see, you should send proper authentication for the user X for this request to the querybuilder, and that's it.

If you don't want to do this, you need to write your own servlet (or a wrapper around the querybuilder servlet), which accepts the username as a parameter, opens a session for this user and then does the query in the scope of this session.

Jörg
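A sketch of the wrapper-servlet option described in the reply above, added here as an example and not code from the poster or from the product. The servlet path, class name and `userId` parameter are hypothetical, and it assumes the CQ5-era Felix SCR annotations. Rather than trusting the parameter, it derives the user's session with JCR impersonation, so the repository itself refuses callers who have not been granted the right to impersonate that user.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.jcr.LoginException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.sling.SlingServlet;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.servlets.SlingSafeMethodsServlet;
import com.day.cq.search.PredicateGroup;
import com.day.cq.search.QueryBuilder;
import com.day.cq.search.result.Hit;

// Hypothetical servlet: path, class name and parameter name are assumptions.
@SlingServlet(paths = "/bin/example/query-as-user", methods = "GET")
public class QueryAsUserServlet extends SlingSafeMethodsServlet {
    @Reference
    private QueryBuilder queryBuilder;

    @Override
    protected void doGet(SlingHttpServletRequest req, SlingHttpServletResponse resp) throws IOException {
        String userId = req.getParameter("userId");
        Session caller = req.getResourceResolver().adaptTo(Session.class);
        if (userId == null || userId.isEmpty() || caller == null) { resp.sendError(400); return; }
        Session asUser = null;
        try {
            // Throws LoginException unless the caller may impersonate userId.
            asUser = caller.impersonate(new SimpleCredentials(userId, new char[0]));
            Map<String, String> predicates = new HashMap<String, String>();
            predicates.put("path", "/content/geometrixx");
            predicates.put("type", "cq:Page");
            predicates.put("p.limit", "50"); // bound the result size
            StringBuilder out = new StringBuilder();
            // The query runs with userId's read permissions only.
            for (Hit hit : queryBuilder.createQuery(PredicateGroup.create(predicates), asUser).getResult().getHits()) {
                out.append(hit.getPath()).append('\n');
            }
            resp.setContentType("text/plain");
            resp.getWriter().write(out.toString());
        } catch (LoginException e) {
            resp.sendError(403, "Not allowed to query as this user");
        } catch (RepositoryException e) {
            resp.sendError(500, "Query failed");
        } finally {
            if (asUser != null) asUser.logout(); // never leak the impersonated session
        }
    }
}
```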

Level 10

Agree with Scott. If you have a dispatcher, use the mod_security example at http://helpx.adobe.com/experience-manager/kb/restrict-system-administrator-login-specific.html

Additionally, you can use a filter; a sample for a different use case is at http://aemfaq.blogspot.com/2013/05/blocking-anonymous-access-to-crx-in-non.html