SAK-47063 Content secured access files should never be searchable (sakaiproject#10371)

https://sakaiproject.atlassian.net/browse/SAK-47063

Author: ern

kernel/kernel-impl/src/main/java/org/sakaiproject/entity/impl/ReferenceComponent.java

@@ -32,6 +32,7 @@
 import org.sakaiproject.entity.api.ResourceProperties;
 import org.sakaiproject.user.api.User;
 import org.sakaiproject.user.api.UserDirectoryService;
+import org.sakaiproject.util.BaseResourceProperties;
 
 /**
  * <p>
@@ -184,16 +185,14 @@ public String getContext()
 	 * 
 	 * @return A ResourcesProperties object found (or constructed) for this reference.
 	 */
-	public ResourceProperties getProperties()
-	{
+	public ResourceProperties getProperties() {
 		ResourceProperties props = null;
 
-		if (m_service != null)
-		{
+		if (m_service != null) {
 			props = m_service.getEntityResourceProperties(this);
 		}
 
-		return props;
+		return (props != null) ? props : new BaseResourceProperties();
 	}
 
 	/**

search/search-impl/impl/src/java/org/sakaiproject/search/component/adapter/contenthosting/ContentHostingContentProducer.java

@@ -630,24 +630,19 @@ public boolean isForIndex(String ref)
 		return true;
 	}
 
-	public boolean canRead(String ref)
-	{
-		log.debug("canRead(" + ref);
-		try
-		{
+	public boolean canRead(String ref) {
+		log.debug("Check if resource is allowed to be read [{}]", ref);
+		try {
 			Reference reference = entityManager.newReference(ref);
-			contentHostingService.checkResource(reference.getId());
-			return true;
-		}
-		catch (Exception ex)
-		{
-			if (log.isDebugEnabled())
-			{
-				log.debug("Current user cannot read ref: " + ref, ex);
+			if (!Boolean.TRUE.toString().equalsIgnoreCase(reference.getProperties().get(ResourceProperties.PROP_SECURED).toString())) {
+				contentHostingService.checkResource(reference.getId());
+				return true;
 			}
-
-			return false;
+		} catch (Exception e) {
+			log.debug("Failed to check if resource can be read [{}]: {}", ref, e.toString());
 		}
+		log.debug("Resource is not allowed to be read [{}]", ref);
+		return false;
 	}
 
 	public Map<String, String[]> getCustomProperties(String ref)