Reputation: 43
What's the most effective way to manage access control lists in Algolia?
We have item lists, but we don't want to use a global list. Our listing varies by individual users.
Our application has ACL logic - can we align that access logic with Algolia?
Upvotes: 3
Views: 214
Reputation: 2319
The best way to deal with that is to store all the records (across users) in a single index and tag them with the individual user IDs.
{ "objectID": 1, ....., "_tags": ["user_21"] }
{ "objectID": 2, ....., "_tags": ["user_21"] }
{ "objectID": 3, ....., "_tags": ["user_42"] }
Then at search-time, use the Secured API Keys to restrict the search to a specific user ID. This is a secure solution you can use from your JavaScript code, making sure your users only search the records they have access to.
In your backend:
# if the current user is ID=42
public_key = Algolia.generate_secured_api_key('<SearchOnlyAPIKeyKeptPrivate>', {filters: 'user_42'})
In your frontend:
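var client = algoliasearch("APPID", '<PublicApiKeyGeneratedForUser42>');
// '<YourIndexName>' is a placeholder for the single shared index
var index = client.initIndex('<YourIndexName>');
index.search('.....');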
You can read more about API keys (especially Secured API Keys) here: https://www.algolia.com/doc/guides/security/api-keys
Upvotes: 3
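As an added example (not part of the original answer and not Algolia's own code), the sketch below shows why a key generated this way is safe to hand to the browser: the filter is bound to the key by an HMAC, so changing `user_42` to another user invalidates it. It assumes the HMAC-SHA256 derivation used by Algolia's API clients; `acl_filter`, `secured_key`, `restrictions_if_valid` and the `group_<id>` tags are hypothetical names that go beyond the single-user tag in the answer, and `validUntil` is the secured-key expiry restriction.

```ruby
require 'openssl'
require 'uri'

TAG_ID = /\A[0-9]+\z/ # numeric ids only, so an id cannot carry filter syntax

# Build the filter from the application's ACL data. Hypothetical shape:
# the user's id plus ids of groups whose records the user may read.
def acl_filter(user_id, group_ids = [])
  ids = [user_id, *group_ids].map(&:to_s)
  bad = ids.reject { |id| id.match?(TAG_ID) }
  raise ArgumentError, "invalid id(s): #{bad.inspect}" unless bad.empty?
  tags = ["user_#{ids.first}"] + ids.drop(1).map { |g| "group_#{g}" }
  tags.map { |t| "_tags:#{t}" }.join(' OR ')
end

# HMAC-SHA256 over the encoded restrictions, keyed with the private
# search-only key; the key handed out is Base64(hex_mac + restrictions).
def secured_key(parent_key, restrictions)
  params = URI.encode_www_form(restrictions)
  mac = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), parent_key, params)
  [mac + params].pack('m0') # strict Base64, no line breaks
end

# What the verifying side does conceptually: recompute the MAC over the
# embedded restrictions and accept them only if it matches.
def restrictions_if_valid(parent_key, key)
  raw = key.unpack1('m0')
  mac = raw[0, 64]
  params = raw[64..] || ''
  expected = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), parent_key, params)
  return nil unless OpenSSL.secure_compare(mac, expected)
  URI.decode_www_form(params).to_h
rescue ArgumentError
  nil # not valid Base64 or not a valid query string
end

if __FILE__ == $PROGRAM_NAME
  parent = 'constructed-search-only-key' # constructed sample, not a real key
  key = secured_key(parent, filters: acl_filter(42, [7]),
                            validUntil: Time.now.to_i + 3600)
  puts key
  p restrictions_if_valid(parent, key)
end
```

In production, generate the key with the client library's `generate_secured_api_key` as in the answer; the id validation in `acl_filter` still applies to whatever string is passed as `filters`.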