You are viewing a plain text version of this content. The canonical link for it is here.
Posted to solr-user@lucene.apache.org by aseem cheema <as...@gmail.com> on 2009/11/19 22:59:34 UTC
Filtering query results
Hey Guys,
I need to filter out some results based on who is performing the
search. In other words, if a document is not accessible to a user
performing search, I don't want it to be in the result set. What is
the best/easiest way to do this reliable/securely in Solr?
Thanks
--
Aseem
Re: Filtering query results
Posted by Grant Ingersoll <gs...@apache.org>.
On Nov 19, 2009, at 4:59 PM, aseem cheema wrote:
> Hey Guys,
> I need to filter out some results based on who is performing the
> search. In other words, if a document is not accessible to a user
> performing search, I don't want it to be in the result set. What is
> the best/easiest way to do this reliable/securely in Solr?
Do you have ACL info on the document? If so, you can likely do this through a filter (&fq=...). If it is somewhere else, you will likely need to integrate in a component to do it.
--------------------------
Grant Ingersoll
http://www.lucidimagination.com/
Search the Lucene ecosystem (Lucene/Solr/Nutch/Mahout/Tika/Droids) using Solr/Lucene:
http://www.lucidimagination.com/search
Re: Filtering query results
Posted by aseem cheema <as...@gmail.com>.
Thank you much for your responses guys. I do not have ACL. I need to
make a web service call to find out if a user has access to a
document. I was hoping to get search results, call the web service
with the IDs from the search results telling me what IDs the user has
access to, and then filter others before returning back to the user.
ACL and role based fq is definitely some food for thought. I will need
to figure out the synchronization issues.
Thanks
Aseem
On Fri, Nov 20, 2009 at 8:04 AM, Glock, Thomas <th...@pfizer.com> wrote:
> Hi Aseem -
>
> I had a similar challenge. The solution that works for my case was to
> add "role" as a repeating string value in the solr schema.
>
> Each piece of content contains 1 or more roles and these values are
> supplied to solr for indexing.
>
> Users also have one or more roles (which correspond exactly to the
> metadata placed on content and supplied to Solr.)
>
> So when peforming the search query, we add add an fq parameter to filter
> search results. For example q=Search Phrase&fq=role:(role1 || role2 ||
> role3)
>
> Note that ultimate restriction to content is handled elsewhere, this is
> only done as a filtering mechanism for search results. Additionally, we
> do not have unlimited sets of roles and that helps to keep the query
> string on the HTTP GET to a minimum. Finally, the roles for my system
> are additive such that if there is a match on any one role - the user
> has access - so an OR clause works. Your system may have more complex
> role rules.
>
> -----Original Message-----
> From: aseem cheema [mailto:aseemcheema@gmail.com]
> Sent: Thursday, November 19, 2009 5:00 PM
> To: solr-user@lucene.apache.org
> Subject: Filtering query results
>
> Hey Guys,
> I need to filter out some results based on who is performing the search.
> In other words, if a document is not accessible to a user performing
> search, I don't want it to be in the result set. What is the
> best/easiest way to do this reliable/securely in Solr?
> Thanks
> --
> Aseem
>
--
Aseem
RE: Filtering query results
Posted by "Glock, Thomas" <th...@pfizer.com>.
Hi Aseem -
I had a similar challenge. The solution that works for my case was to
add "role" as a repeating string value in the solr schema.
Each piece of content contains 1 or more roles and these values are
supplied to solr for indexing.
Users also have one or more roles (which correspond exactly to the
metadata placed on content and supplied to Solr.)
So when peforming the search query, we add add an fq parameter to filter
search results. For example q=Search Phrase&fq=role:(role1 || role2 ||
role3)
Note that ultimate restriction to content is handled elsewhere, this is
only done as a filtering mechanism for search results. Additionally, we
do not have unlimited sets of roles and that helps to keep the query
string on the HTTP GET to a minimum. Finally, the roles for my system
are additive such that if there is a match on any one role - the user
has access - so an OR clause works. Your system may have more complex
role rules.
-----Original Message-----
From: aseem cheema [mailto:aseemcheema@gmail.com]
Sent: Thursday, November 19, 2009 5:00 PM
To: solr-user@lucene.apache.org
Subject: Filtering query results
Hey Guys,
I need to filter out some results based on who is performing the search.
In other words, if a document is not accessible to a user performing
search, I don't want it to be in the result set. What is the
best/easiest way to do this reliable/securely in Solr?
Thanks
--
Aseem