Reputation: 5320
IndexTank how to handle permissions
He**llo,
Given an Indextank index like so:
class Threads < ActiveRecord::Base
has_many :permissions
include Tanker
tankit 'rails_3_demo' do
indexes :content
end
after_save :update_tank_indexes
after_destroy :delete_tank_indexes
end
This index exists in my Thread model. Issue is threads have permissions. Currently if I allowed a user to search across the index they would be searching across all user's threads. What is the smart way to handle permissions so I user can only search across threads the user has permissions to access. Thanks**
SCHEMA:
USER (id)
PROJECT (id)
PERMISSION (user_id, project_id)
Thread (project_id)
As long as a user has a permission record for a project they can view all of that project's threads.
Upvotes: 4
Views: 176
Answers (1)
Reputation: 13079
One way to do this is to also index permissions and have append "AND permissions:[value]" to your queries, where value are the permissions that match the user. That way a user would only see the results that have the right permissions.
In order to give you more details I'd need to know your permission scheme, but for example your permissions variable that you index could be a string with words such as "root joe bob jim" for a thread that only those users can access.
Upvotes: 5
Related Questions
- Rails - Elasticsearch: Cannot create index on Heroku
- How to setup elasticsearch on Heroku?
- Searchkick reindex on heroku
- Rake searchkick reindex on heroku not working
- How to prevent an Heroku app from Google indexing?
- How to make Rails Heroku Application Contents Searchable in google?
- How to prevent abusive crawlers from crawling a rails app deployed on Heroku?
- How do I implement elastic search in a ruby on rails project hosted on heroku?
- How to prevent Heroku from clearing the indexes built by acts_as_indexed
- Managing db indexes on heroku