Lucene indexing with restricted user access

Question

We are trying to add full text search capabilities to our custom knowledge Base using lucene respectively solr. We currently restrict what a user can see with a role based model. So there is an array of roles attached to each article and if a user is also a member of one of that roles he / she can view the article.

So of course the search should only return results the user has access to.

I am a bit stuck on where to start or how to do this. Do I need to filter the results later? Do I create a role based index?

It would be highly appreciated if someone can point me in the right direction.

Thanks. Stephanie.

Answer 1

I would advice storing the access roles as metadata. Let define access_roles is able to multi-valued string field.

access_roles:[user, admin] // Users and the Admin roles can access this search.
access_roles:[user, admin, anonymous] // Users and the Admin and Anonymous roles can access this search.

You should edit access roles when you want to change permissions.

---

When Users who have user role searches, solr will retrieve only the results that match the user's access role.

When User who have (user) role and also (admin) role searches, him searches go like:

q=mainquery
&fq=access_roles:user
&fq=access_roles:admin
&facet=on
&facet.field=access_roles

which fetches all result which contains user role OR admin role in access_roles;

When user, (user) role, member of a special team (it_department) role searches,

q=mainquery
&fq=access_roles:user
&fq=access_roles:it_department
&facet=on
&facet.field=access_roles

which fetches 'it_department' documents also

I have drawed authorization scheme for better understand

Queries adapted from http://wiki.apache.org/solr/SimpleFacetParameters#Multi-Select_Faceting_and_LocalParams