Invisible reference is null and does not throw access denied exceptio…

…n. (#1993)
SenseNet · Nov 27, 2023 · aee7f10 · aee7f10
1 parent 2fb7d7a
commit aee7f10
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 16 deletions.
diff --git a/src/Storage/NodeList.cs b/src/Storage/NodeList.cs
@@ -560,7 +560,11 @@ internal Q GetSingleValue<Q>() where Q : Node
         {
             if (RawData.Count < 1)
                 return null;
-            var singleNode = Node.Load<T>(RawData[0]);
+            Node singleNode;
+            using(new SystemAccount())
+                singleNode = Node.Load<T>(RawData[0]);
+            if(!singleNode.Security.HasPermission(AccessProvider.Current.GetCurrentUser(), PermissionType.See))
+                return null;
             return singleNode as Q;
         }
         internal void SetSingleValue<Q>(Q value) where Q : Node

diff --git a/src/Tests/SenseNet.ContentRepository.Tests/NodeTests.cs b/src/Tests/SenseNet.ContentRepository.Tests/NodeTests.cs
@@ -178,17 +178,8 @@ public void Node_Reference_SetReference_Simple_Invisible()
                 {
                     var loadedLink = Node.Load<ContentLink>(link.Id);
 
-                    // Restrictive user cannot access the current target.
-                    //Assert.IsNull(loadedLink.Link);
-                    try
-                    {
-                        var currentLint = loadedLink.Link;
-                        Assert.Fail("The expected AccessDeniedException was not thrown.");
-                    }
-                    catch (SenseNetSecurityException)
-                    {
-                        // expected exception
-                    }
+                    // Restrictive user cannot see/access the current target.
+                    Assert.IsNull(loadedLink.Link);
 
                     // Set new target
                     var loadedTarget = Node.LoadNode(target1.Id);

diff --git a/src/Tests/SenseNet.ODataTests/ODataImportTests.cs b/src/Tests/SenseNet.ODataTests/ODataImportTests.cs
@@ -310,8 +310,8 @@ await Providers.Instance.SecurityHandler.CreateAclEditor()
             // Assert for Importer
             using (new CurrentUserBlock(importerUser))
             {
-                //Assert.AreEqual(null, importedContent.GetReference<User>("Manager"));
-                //TODO: delete the following assert and use importedContent.GetReference if the bug #1900 resolved.
+                Assert.AreEqual(null, importedContent.GetReference<User>("Manager"));
+                Assert.IsFalse(importedContent.HasReference("Manager", (User)referredUser));
                 var content = Content.Create(importedContent);
                 var manager = ((List<Node>)content["Manager"]).FirstOrDefault();
                 Assert.IsNull(manager);
@@ -383,8 +383,8 @@ await Providers.Instance.SecurityHandler.CreateAclEditor()
             // Assert for Importer
             using (new CurrentUserBlock(importerUser))
             {
-                //Assert.AreEqual(null, importedContent.GetReference<User>("Manager"));
-                //TODO: delete the following assert and use importedContent.GetReference if the bug #1900 resolved.
+                Assert.AreEqual(null, importedContent.GetReference<User>("Manager"));
+                Assert.IsFalse(importedContent.HasReference("Manager", (User)referredUser));
                 var content = Content.Create(importedContent);
                 var manager = ((List<Node>) content["Manager"]).FirstOrDefault();
                 Assert.IsNull(manager);