Amount of results in a search does not take into account access rights


When doing a search the amount of results reported is before the filtering according to rights has been applied.
The extreme case is when you get an results indicator of many hundred but you get no results back.
Since the results are paginated the check is only performed on those that are returned. The effect might be that 200 entries are checked to get a list of 100 entries to send back (when there is a limit of 100).

Alternative 1:
If the amount of entries being returned are smaller than the limit, indicate that number in the results (take into account the offset).
Otherwise indicate the total amount of result as reported by Solr (i.e. as it is today).

Alternative 2:
Leave it as it is today and if the amount of entries returned are fewer than the limit the client can report a more accurate amount of results.

Alternative 3:
Go through all the matching results and report an actual number of available search results. This approach is probably too computationally expensive.

In any case, it should be documented how it works in:




Hannes Ebner
November 14, 2013, 3:16 PM

An accurate result count for matching entries cannot be implemented with the current ACL-handling in Solr.

The exact behavior and some background information are now documented at

Hannes Ebner
November 10, 2013, 5:17 PM

The decision to hide inaccessible results also affects directory listings, not only search. Currently entries to which the user does not have access are shown as "Insufficient rights" in the list. They should not be shown at all instead.



Hannes Ebner


Matthias Palmér




Fix versions