开发者

IndexTank how to handle permissions

He**llo, Given an Indextank index like so: class Threads < ActiveRecord::Base has_many :permissions

include Tanker

  tankit 'rails_3_demo' do
    indexes :content
  end

  after_save :update_tank_indexes
  after_destroy :delete_tank_indexes

end

This index exists in my Thread model. Issue is thre开发者_高级运维ads have permissions. Currently if I allowed a user to search across the index they would be searching across all user's threads. What is the smart way to handle permissions so I user can only search across threads the user has permissions to access. Thanks**

SCHEMA:

USER (id)
PROJECT (id)
PERMISSION (user_id, project_id)
Thread (project_id)

As long as a user has a permission record for a project they can view all of that project's threads.


One way to do this is to also index permissions and have append "AND permissions:[value]" to your queries, where value are the permissions that match the user. That way a user would only see the results that have the right permissions.

In order to give you more details I'd need to know your permission scheme, but for example your permissions variable that you index could be a string with words such as "root joe bob jim" for a thread that only those users can access.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜