thomasmueller commented on code in PR #1094: URL: https://github.com/apache/jackrabbit-oak/pull/1094#discussion_r1326883609
########## oak-lucene/src/test/java/org/apache/jackrabbit/oak/jcr/query/ResultSizeTest.java: ########## @@ -126,5 +151,90 @@ private void doTestResultSize(boolean union, int expected) throws RepositoryExce System.clearProperty("oak.fastQuerySize"); } + + private void doTestResultSizeOption(boolean aggregateAtQueryTime) throws RepositoryException { + createData(); + int expectedForUnion = 400; + int expectedForTwoConditions = aggregateAtQueryTime ? 400 : 200; + doTestResultSizeOption(superuser, false, expectedForTwoConditions); + doTestResultSizeOption(superuser, true, expectedForUnion); + Session readOnlySession = null; + try { + readOnlySession = getHelper().getReadOnlySession(); + assertNotNull(readOnlySession); + doTestResultSizeOption(readOnlySession, false, -1); + doTestResultSizeOption(readOnlySession, true, -1); + } finally { + if (readOnlySession != null) { + readOnlySession.logout(); + } + } + } + + private void doTestResultSizeOption(Session session, boolean union, int expected) throws RepositoryException { + QueryManager qm = session.getWorkspace().getQueryManager(); + + String statement; + if (union) { + statement = "select a.[jcr:path] from [nt:base] as a where contains(a.[text], 'Hello') UNION select a.[jcr:path] from [nt:base] as a where contains(a.[text], 'World')"; + } else { + statement = "select a.[jcr:path] from [nt:base] as a where contains(a.[text], 'Hello World')"; + } + + Query q; + long result; + NodeIterator it; + StringBuilder buff; + + // enabled by default now, in LuceneOakRepositoryStub. Disable global + System.setProperty("oak.fastQuerySize", "false"); + + // fast (insecure) case + String fastSizeResult = ""; + q = qm.createQuery(statement + " option (insecure result size)", Query.JCR_SQL2); + if (expected < 0) { + // if expected < 0, i.e. insufficient permissions, expect a InvalidQueryException on execute(). + try { + it = q.execute().getNodes(); + fail("expected an InvalidQueryException caused by a IllegalArgumentException"); + } catch (InvalidQueryException e) { + assertTrue("expected an InvalidQueryException caused by a ParseException", + e.getCause() instanceof IllegalArgumentException); + } + } else { + it = q.execute().getNodes(); + result = it.getSize(); + assertTrue("size: " + result + " expected around " + expected, + result > expected - 50 && + result < expected + 50); + buff = new StringBuilder(); + while (it.hasNext()) { + Node n = it.nextNode(); + buff.append(n.getPath()).append('\n'); + } + fastSizeResult = buff.toString(); + q = qm.createQuery(statement + " option (insecure result size)", Query.JCR_SQL2); + q.setLimit(90); + it = q.execute().getNodes(); + assertEquals(90, it.getSize()); + } + + // default (secure) case + q = qm.createQuery(statement, Query.JCR_SQL2); + it = q.execute().getNodes(); + result = it.getSize(); + assertEquals(-1, result); + buff = new StringBuilder(); + while (it.hasNext()) { + Node n = it.nextNode(); + buff.append(n.getPath()).append('\n'); + } + String regularResult = buff.toString(); + if (expected >= 0) { + assertEquals(regularResult, fastSizeResult); + } + + System.clearProperty("oak.fastQuerySize"); Review Comment: This should be inside a "finally" block, so that if the test fails, other tests are not affected. ########## oak-doc/src/site/markdown/query/query-engine.md: ########## @@ -267,6 +269,22 @@ Limitations: you need to also set the property `refresh` to `true` (Boolean), so that the change is applied. No indexing is required. +#### Query Option Insecure Result Size + +`@since Oak 1.60.0 (OAK-10424)` + +NOTE: The principal executing the query must have been granted the repository privilege `rep:insecureQueryOptions` (see [Privilege Management / Query Execution](../security/privilege/mappingtoprivileges.md#query-execution)). + +Enabling this option activates the same Compatibility behavior for NodeIterator.getSize() as described in [Result Size](#result-size), but only for the query being executed. Review Comment: Typo(?): lowercase "compatibility" -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@jackrabbit.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org