@@ -151,23 +151,23 @@ public void additionalSearchParameters(Context context, DiscoverQuery discoveryQ
151151 */
152152 if (actions .isEmpty ()) {
153153 // If no actions are included, we only check for read permissions
154- resourceQuery .append ("{!terms f=read}" ).append (epersonAndGroupClause ).append ( " OR " )
155- .append ("{!terms f=admin}" ).append (epersonAndGroupClause );
154+ resourceQuery .append ("( {!terms f=read}" ).append (epersonAndGroupClause ).append ( ") OR ( " )
155+ .append ("{!terms f=admin}" ).append (epersonAndGroupClause ). append ( ")" ) ;
156156 } else if (actions .contains (Constants .ADMIN )) {
157157 // If the actions array contains the admin action, we only check for admin permissions
158- resourceQuery .append ("{!terms f=admin}" ).append (epersonAndGroupClause );
158+ resourceQuery .append ("( {!terms f=admin}" ).append (epersonAndGroupClause ). append ( ")" );
159159 } else {
160160 // If the actions array contains other actions, we check for read permissions and the actions passed
161161 resourceQuery .append ("(" );
162- resourceQuery .append ("{!terms f=read}" ).append (epersonAndGroupClause );
162+ resourceQuery .append ("( {!terms f=read}" ).append (epersonAndGroupClause );
163163 for (int action : actions ) {
164164 String actionName = getIndexedActionName (action );
165- resourceQuery .append (" AND " ).append ("{!terms f=" ).append (actionName ).append ("}" )
166- .append (epersonAndGroupClause );
165+ resourceQuery .append (") AND ( " ).append ("{!terms f=" ).append (actionName ).append ("}" )
166+ .append (epersonAndGroupClause ). append ( ")" ) ;
167167 }
168168 resourceQuery .append (")" );
169- resourceQuery .append (" OR " ).append ("{!terms f=admin}" )
170- .append (epersonAndGroupClause );
169+ resourceQuery .append (" OR ( " ).append ("{!terms f=admin}" )
170+ .append (epersonAndGroupClause ). append ( ")" ) ;
171171 }
172172
173173 // Add to the query the locations the user has administrative rights on to cover the cases of
0 commit comments