Search API's Content Access Search API Processor, and thus our own (which adds logic to SBF Flavors) is unaware of the Moderation Module's "View any unpublished content" Permission.
Which means that this here:
// Collect all the required fields that need to be part of the index.
$unpublished_own = $account->hasPermission('view own unpublished content');
$enabled_conditions = $query->createConditionGroup('OR', ['content_access_enabled']);
foreach ($affected_datasources as $entity_type => $datasources) {
foreach ($datasources as $datasource_id) {
// If this is a comment datasource, or users cannot view their own
// unpublished nodes, a simple filter on "status" is enough. Otherwise,
// it's a bit more complicated.
$status_field = $this->findField($datasource_id, 'status', 'boolean');
if ($status_field) {
$enabled_conditions->addCondition($status_field->getFieldIdentifier(), TRUE);
}
if ($entity_type == 'node' && $unpublished_own) {
$author_field = $this->findField($datasource_id, 'uid', 'integer');
if ($author_field) {
$enabled_conditions->addCondition($author_field->getFieldIdentifier(), $account->id());
}
}
}
}
$access_conditions->addConditionGroup($enabled_conditions);
Will trigger Filter Queries against the Owner and Status on any Solr Search, even if the current User has actually direct access to see anything that is unpublished (and can navigate to the ADO itself).
The solution is simple (sadly off-hours while others are having fun!) I will add to our own
\Drupal\strawberryfield\Plugin\search_api\processor\StrawberryFlavorContentAccess
that work around and be done (gosh) with it...
@alliomeria this solves the issue at hand you experienced today.
What?
Search API's Content Access Search API Processor, and thus our own (which adds logic to SBF Flavors) is unaware of the Moderation Module's "View any unpublished content" Permission.
Which means that this here:
Will trigger Filter Queries against the Owner and Status on any Solr Search, even if the current User has actually direct access to see anything that is unpublished (and can navigate to the ADO itself).
The solution is simple (sadly off-hours while others are having fun!) I will add to our own \Drupal\strawberryfield\Plugin\search_api\processor\StrawberryFlavorContentAccess that work around and be done (gosh) with it...
@alliomeria this solves the issue at hand you experienced today.