You are viewing a plain text version of this content. The canonical link for it is here.
Posted to solr-user@lucene.apache.org by "Mugoma Joseph O." <mu...@yengas.com> on 2013/08/09 12:58:06 UTC

Filter search items based on creator permission settings

Hello,

I have an application where document creators determine what access
permission (s) to give. The permissions are of the form:

1. EVERYONE => 1
2. MY_FRIENDS => 2
3. ME_ONLY => 3


Example:

1. User 1 creates doc1 and sets permission to EVERYONE
2. User 2 created doc2 and sets permission to ME_ONLY
3. User 3 creates doc3 and sets permissions to MY_FRIENDS

In the index we have creator_ids representing the list of users who
created the document. e.g. for doc1:
creator_ids=[1]

The list of MY_FRIENDS (for each document creator) is determined by
different module, accessible at runtime.

A document can be created by more than one user, with each user giving
permissions independently. e.g.:

1. User 4  & 5 creates doc4. User 4 sets permission as EVERYONE while user
5 sets permission to ME_ONLY.
2. User 6 & 7 creates doc5. User 6 sets permissions to MY_FRIENDS while
user 7 sets permissive to ME_ONLY


For the case of multiple creators the less restrictive permission is used.
e.g.:

1. For doc4 the overriding permission will be EVERYONE
2. For doc5 the overriding permission will be MY_FRIENDS


I have checked several discussions and can't find one that fits the model
above:

1.
http://stackoverflow.com/questions/9222835/solr-permissions-filtering-results-depending-on-access-rights
2. https://issues.apache.org/jira/browse/SOLR-1872
3. https://issues.apache.org/jira/browse/SOLR-1834
4. http://lucene.472066.n3.nabble.com/Solr-and-Permissions-td2663289.html
5. http://stackoverflow.com/questions/6815250/fine-grained-security-in-solr



What's the best way handling this?

Thanks in advance.

Mugoma.

Re: Filter search items based on creator permission settings

Posted by Chris Hostetter <ho...@fucit.org>.
: In-Reply-To:
:     <CA...@mail.gmail.com>
: References:
:     <CA...@mail.gmail.com>
: Subject: Filter search items based on creator permission settings

https://people.apache.org/~hossman/#threadhijack
Thread Hijacking on Mailing Lists

When starting a new discussion on a mailing list, please do not reply to 
an existing message, instead start a fresh email.  Even if you change the 
subject line of your email, other mail headers still track which thread 
you replied to and your question is "hidden" in that thread and gets less 
attention.   It makes following discussions in the mailing list archives 
particularly difficult.



-Hoss