IndexTank how to handle permissions
He**llo, Given an Indextank index like so: class Threads < ActiveRecord::Base has_many :permissions
include Tanker tankit 'rails_3_demo' do
indexes :content
end
after_save :update_tank_indexes
after_destroy :delete_tank_indexes
end
This index exists in my Thread model. Issue is thre开发者_高级运维ads have permissions. Currently if I allowed a user to search across the index they would be searching across all user's threads. What is the smart way to handle permissions so I user can only search across threads the user has permissions to access. Thanks**
SCHEMA:
USER (id)
PROJECT (id)
PERMISSION (user_id, project_id)
Thread (project_id)
As long as a user has a permission record for a project they can view all of that project's threads.
One way to do this is to also index permissions and have append "AND permissions:[value]" to your queries, where value are the permissions that match the user. That way a user would only see the results that have the right permissions.
In order to give you more details I'd need to know your permission scheme, but for example your permissions variable that you index could be a string with words such as "root joe bob jim" for a thread that only those users can access.
精彩评论