Bug #20539 (closed): Search reveals sensitive data
Description
If you set up a site with an authenticated section, a user should not see search results for content their account is not permitted to view. However, indexed_search bypasses this access restriction when coupled with tt_news. To reproduce, try the following:
1) Create two groups: GroupA and GroupB
2) Create UserA in GroupA, UserB in GroupB, and GlobalUser in GroupA and GroupB
3) Create a few tt_news content items and assign them to either GroupA or GroupB
4) Create a tt_news list item on an authenticated page. This means that when UserA logs in, he should only see list items for GroupA. When UserB logs in, he should only see items for GroupB. When GlobalUser logs in, he should see all.
Regardless of which user logs in, the search results are the same: they are independent of the user's group permissions. Clicking through to the full text correctly produces an error if the user lacks permission to view that item. The problem is that the entry still appears in the search results at all; it should be removed from them.
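The expected behaviour is that a search hit passes the same fe_group check the list view already applies. The following is an added, language-neutral model of that check (not TYPO3 or tt_news code) using the scenario above; group uids, titles and the `NewsItem`/`FrontendUser` types are constructed, and the fe_group values follow TYPO3's convention (`0` public, `-1` hide at login, `-2` show at any login, or a comma-separated list of group uids).

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

@dataclass(frozen=True)
class NewsItem:
    uid: int
    title: str
    fe_group: str  # "0", "-1", "-2" or comma-separated fe_group uids, TYPO3 style

@dataclass(frozen=True)
class FrontendUser:
    name: str
    groups: FrozenSet[int]  # uids of the fe_groups the user belongs to

# Constructed sample index (not real data): GroupA has uid 1, GroupB has uid 2.
INDEX: List[NewsItem] = [
    NewsItem(1, "GroupA news: budget", "1"),
    NewsItem(2, "GroupB news: hiring", "2"),
    NewsItem(3, "Public news: opening hours", "0"),
    NewsItem(4, "Member news: login required", "-2"),
]
USER_A = FrontendUser("UserA", frozenset({1}))
USER_B = FrontendUser("UserB", frozenset({2}))
GLOBAL_USER = FrontendUser("GlobalUser", frozenset({1, 2}))

def may_view(item: NewsItem, user: Optional[FrontendUser]) -> bool:
    """The fe_group rule the list view enforces; user=None means anonymous."""
    logged_in = user is not None
    tokens = [t.strip() for t in item.fe_group.split(",") if t.strip()]
    if not tokens or tokens == ["0"]:
        return True  # no access restriction on this record
    for t in tokens:
        if t == "-1" and not logged_in:
            return True  # "hide at login": visible only to anonymous visitors
        if t == "-2" and logged_in:
            return True  # "show at any login"
        if logged_in and t.isdigit() and int(t) in user.groups:
            return True  # user is a member of one of the allowed groups
    return False

def search_unfiltered(query: str, index: List[NewsItem]) -> List[int]:
    """The behaviour described in the report: hits returned regardless of permissions."""
    return [i.uid for i in index if query.lower() in i.title.lower()]

def search_filtered(query: str, index: List[NewsItem], user: Optional[FrontendUser]) -> List[int]:
    """The expected behaviour: every hit must pass the same check as the list view."""
    return [i.uid for i in index if query.lower() in i.title.lower() and may_view(i, user)]

if __name__ == "__main__":
    for u in (None, USER_A, USER_B, GLOBAL_USER):
        name = u.name if u else "anonymous"
        print(f"{name:10} unfiltered={search_unfiltered('news', INDEX)} "
              f"filtered={search_filtered('news', INDEX, u)}")
```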
(issue imported from #M11235)