How can I restrict the content using query builder to a particular user for a given node | Community
New Participant
October 16, 2015
Solved

How can I restrict the content using query builder to a particular user for a given node


In the Geometrixx site, I need to get the results for pages that only user X has access to.

The following query pulls all the records, but I need to restrict it to user X, who can access content at /content/geometrixx:

http://localhost:4502/bin/querybuilder.feed?orderby=%40jcr%3acontent%2fjcr%3acreated&orderby.index=true&orderby.sort=desc&path=%2fcontent%2fgeometrixx%2fen&type=cq%3aPage

What are the parameters that need to be included in the URL?

3 replies

smacdonald2008
Accepted solution
New Participant
October 16, 2015

When you use the QueryBuilder Java API from within an OSGi bundle, you have much finer control than with the REST API. For example, you can control when the call is made and under what circumstances by developing correct application logic. You can see who the user is, and if it's not the user that you want, then do not let the call proceed. In other words, write application logic to control this.

Information about the Query Builder RESTful API is here:

http://dev.day.com/docs/en/cq/current/dam/customizing_and_extendingcq5dam/query_builder.html

There are different examples -- including using Groups. 

joerghoh
Employee
October 16, 2015

By default the query builder servlet uses the session, which has been created with the permissions of the logged in user. So if you want to get results only a user X can see, you should send proper authentication for the user X for this request to the querybuilder, and that's it.

If you don't want to do this, you need to write your own servlet (or a wrapper around the querybuilder servlet), which accepts the username as a parameter, opens a session for this user and then does the query in the scope of this session.

Jörg
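
The second option described above, sketched as an added example (not code from this thread or from Adobe): the query from the question is run through the QueryBuilder Java API on a JCR session impersonating user X, so the repository's ACLs filter the hits. The class and method names are hypothetical, and it assumes the caller's session has been granted the right to impersonate that user; if not, `impersonate` fails with a `LoginException` instead of returning another user's view.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;

import com.day.cq.search.PredicateGroup;
import com.day.cq.search.Query;
import com.day.cq.search.QueryBuilder;
import com.day.cq.search.result.Hit;

/** Hypothetical helper: runs the page query from the question as user X. */
public class UserScopedPageQuery {

    private final QueryBuilder queryBuilder; // OSGi service, e.g. injected via @Reference

    public UserScopedPageQuery(QueryBuilder queryBuilder) {
        this.queryBuilder = queryBuilder;
    }

    public List<String> pagesVisibleTo(Session callerSession, String userId)
            throws RepositoryException {
        // The repository checks that the caller is a configured impersonator of
        // userId; a LoginException here means the request must be rejected.
        Session userSession =
                callerSession.impersonate(new SimpleCredentials(userId, new char[0]));
        try {
            // Same predicates as the querybuilder.feed URL in the question.
            Map<String, String> predicates = new HashMap<>();
            predicates.put("path", "/content/geometrixx/en");
            predicates.put("type", "cq:Page");
            predicates.put("orderby", "@jcr:content/jcr:created");
            predicates.put("orderby.index", "true");
            predicates.put("orderby.sort", "desc");
            Query query =
                    queryBuilder.createQuery(PredicateGroup.create(predicates), userSession);
            List<String> paths = new ArrayList<>();
            for (Hit hit : query.getResult().getHits()) {
                paths.add(hit.getPath()); // only nodes user X is allowed to read
            }
            return paths;
        } finally {
            userSession.logout(); // never leave the impersonated session open
        }
    }
}
```

Deriving the impersonated session from the caller's own session, rather than from an administrative one, keeps the username parameter from becoming a way to read content the caller was never entitled to see.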

Sham_HC
New Participant
October 16, 2015

Agree with Scott. If you have a dispatcher, use mod_security; there is an example at http://helpx.adobe.com/experience-manager/kb/restrict-system-administrator-login-specific.html

Additionally, you can use a filter; a sample example of a different use case is at http://aemfaq.blogspot.com/2013/05/blocking-anonymous-access-to-crx-in-non.html