Reputation: 955
Liferay, Search and Security Model
Has anyone had any experience of implementing search on Liferay that required (a moderately complex) security model? How do you deal with the fact that not all of the results you get back from search engine will have permissions to view the content? Does the built-in search in Liferay already do this? If yes, how?
Because filtering the potentially thousands of results after they have been returned can be quite expensive. And if you don't pass all the results through the filter, you don't know how many total results (hits) your search got that you can as a logged in user, 'see'.
Upvotes: 4
Views: 985
Answers (1)
Reputation: 3660
I think it first searches from lucene and then checks whether a user has view permission on that. To check the same if you have access to source code see BaseIndexer.search. I am attaching small snippet below to show you how it does it?
PermissionChecker permissionChecker =
PermissionThreadLocal.getPermissionChecker();
int start = searchContext.getStart();
int end = searchContext.getEnd();
if (isFilterSearch() && (permissionChecker != null)) {
searchContext.setStart(0);
searchContext.setEnd(end + INDEX_FILTER_SEARCH_LIMIT);
}
Hits hits = SearchEngineUtil.search(searchContext, fullQuery);
searchContext.setStart(start);
searchContext.setEnd(end);
if (isFilterSearch() && (permissionChecker != null)) {
hits = filterSearch(hits, permissionChecker, searchContext);
}
Upvotes: 1
Related Questions
- Fine grained security in Solr
- Full text search engines and security
- Liferay Search Container
- Liferay: timeout on the regeneration of the search indexes
- Indexing and searching by the Solr, which was integrated in Liferay 6.2
- Lucene-based database search engine
- Liferay and more instances
- What is the SOLR plugin for Liferay meant for?
- Liferay search results
- (Full-Text) Search And Database Design