From 4ea253c9f9ae91a05b54b2515841b02365d6bdd9 Mon Sep 17 00:00:00 2001 From: Felix Gradinaru Date: Mon, 26 Jan 2026 14:35:43 +0100 Subject: [PATCH 1/2] BUGFIX: Find nodes in CR without security checks to allow nodes of other workspaces Backport of #419 to Neos 8.x This wraps the getNodeByIdentifier() call in withoutAuthorizationChecks() to prevent workspace-related authorization checks from failing when indexing nodes that exist in different workspaces. Resolves the error: Node workspace "user-xxx" not found in allowed workspaces (live), this could result from a detached workspace entity in the context. --- Classes/Indexer/NodeIndexer.php | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/Classes/Indexer/NodeIndexer.php b/Classes/Indexer/NodeIndexer.php index 8d7572f2..fc01a32d 100644 --- a/Classes/Indexer/NodeIndexer.php +++ b/Classes/Indexer/NodeIndexer.php @@ -36,6 +36,7 @@ use Neos\ContentRepository\Search\Indexer\AbstractNodeIndexer; use Neos\ContentRepository\Search\Indexer\BulkNodeIndexerInterface; use Neos\Flow\Annotations as Flow; +use Neos\Flow\Security\Context as SecurityContext; use Neos\Utility\Exception\FilesException; use Neos\Flow\Log\Utility\LogEnvironment; use Psr\Log\LoggerInterface; @@ -145,6 +146,12 @@ class NodeIndexer extends AbstractNodeIndexer implements BulkNodeIndexerInterfac */ protected $errorStorage; + /** + * @Flow\Inject + * @var SecurityContext + */ + protected $securityContext; + /** * The current Elasticsearch bulk request, in the format required by https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-bulk.html */ @@ -270,7 +277,11 @@ public function indexNode(NodeInterface $node, $targetWorkspace = null): void }; $handleNode = function (NodeInterface $node, Context $context) use ($targetWorkspace, $indexer) { - $nodeFromContext = $context->getNodeByIdentifier($node->getIdentifier()); + $nodeFromContext = $this->securityContext->withoutAuthorizationChecks( + function () use ($context, $node) { + return $context->getNodeByIdentifier($node->getIdentifier()); + } + ); if ($nodeFromContext instanceof NodeInterface) { $this->searchClient->withDimensions(static function () use ($indexer, $nodeFromContext, $targetWorkspace) { $indexer($nodeFromContext, $targetWorkspace); From 21e93316df59c71f17961d0b6cde0e32ae62d026 Mon Sep 17 00:00:00 2001 From: Felix Gradinaru Date: Wed, 28 Jan 2026 12:47:06 +0100 Subject: [PATCH 2/2] BUGFIX: Use reference variable for withoutAuthorizationChecks callback result Flow's SecurityContext::withoutAuthorizationChecks() has a void return type and does not return the callback result. The previous implementation assumed the return value would be passed through, causing $nodeFromContext to always be null and preventing any nodes from being indexed. This fix captures the result via a reference variable instead. --- Classes/Indexer/NodeIndexer.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/Classes/Indexer/NodeIndexer.php b/Classes/Indexer/NodeIndexer.php index fc01a32d..08e28444 100644 --- a/Classes/Indexer/NodeIndexer.php +++ b/Classes/Indexer/NodeIndexer.php @@ -277,9 +277,10 @@ public function indexNode(NodeInterface $node, $targetWorkspace = null): void }; $handleNode = function (NodeInterface $node, Context $context) use ($targetWorkspace, $indexer) { - $nodeFromContext = $this->securityContext->withoutAuthorizationChecks( - function () use ($context, $node) { - return $context->getNodeByIdentifier($node->getIdentifier()); + $nodeFromContext = null; + $this->securityContext->withoutAuthorizationChecks( + function () use ($context, $node, &$nodeFromContext) { + $nodeFromContext = $context->getNodeByIdentifier($node->getIdentifier()); } ); if ($nodeFromContext instanceof NodeInterface) {