Thank you! I was thinking that filtering out from the results page would be an
approach I could take. We are still discussing this, perhaps just not giving
access to the item will be good enough.
From: Peter Dietz [mailto:[email protected]]
Sent: Tuesday, March 29, 2011 2:37 PM
To: Blanco, Jose
Cc: dspace-tech
Subject: Re: [Dspace-tech] question about item indexing.
Hi Jose,
This actually sounds like a fun project to solve with Discovery, they look like
a good match.
Regarding the traditional lucene search index, my understanding is that the
lucene index is there to provide fast query on the data. In your case you want
to restrict what gets returned to the user based on authentication. So lucene
will gives you all the fish in the ocean (all hits for query), you just want a
few fish that are safe enough for this user to eat (just hits that user has
authorization to read). Its doable, and without a monumental restructuring, it
might however be slightly messy, then just giving the user results that can't
view. On second thought, giving user hits they can't view is also kinda messy.
But it will most likely involve some refactoring.
You use JSPUI, so I'll look at that code.
In:
dspace-jspui/dspace-jspui-api/src/main/java/org/dspace/app/webui/servlet/SimpleSearchServlet.java<http://scm.dspace.org/svn/repo/dspace/trunk/dspace-jspui/dspace-jspui-api/src/main/java/org/dspace/app/webui/servlet/SimpleSearchServlet.java>
When it parses through each hit result, it determines if it is an item, and
then increments itemCount, instead of that, you could perform an authorization
check, see this quick and dirty
example<https://gist.github.com/892895/0dcc440abd005df01cec7b40efb5538c7f992786>.
Everywhere in Constants.ITEM you could do authz check. The weird part will be
if the user specified they want to paginate at 20 hits per page, well, the
query would return less than 20 hits after authorization restrictions are
filtered out.
Peter Dietz
On Tue, Mar 29, 2011 at 11:57 AM, Blanco, Jose
<[email protected]<mailto:[email protected]>> wrote:
We would like to make the results of the search be based on the user logged in
the system. For example,
Person: John Smith, with item: The works of John Smith
Has sole rights to the item (metadata and bitstream )
So if an anonymous user is using the system and he searches for 'The works of
John Smith' he does not get this item as part of the results, but if say John
Smith logs in and searches for 'The works of John Smith', he get the item in
the result. Presently, both users get the results but the one that can auth
into the system can see his work. In looking at the code a bit, it seems that
it would take a monumental change in the code to get this functionality since
the search indices are created for all the users of Deep Blue not just one at a
time. I just want to verify that this is true.
Thank you!
Jose
------------------------------------------------------------------------------
Enable your software for Intel(R) Active Management Technology to meet the
growing manageability and security demands of your customers. Businesses
are taking advantage of Intel(R) vPro (TM) technology - will your software
be a part of the solution? Download the Intel(R) Manageability Checker
today! http://p.sf.net/sfu/intel-dev2devmar
_______________________________________________
DSpace-tech mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/dspace-tech
------------------------------------------------------------------------------
Enable your software for Intel(R) Active Management Technology to meet the
growing manageability and security demands of your customers. Businesses
are taking advantage of Intel(R) vPro (TM) technology - will your software
be a part of the solution? Download the Intel(R) Manageability Checker
today! http://p.sf.net/sfu/intel-dev2devmar
_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
