RE: Filtering queries

[Digy]

Ok, I think I overlooked the problem.

If I understand it correctly, then Brian has a case like below

Doc1:
        Title: "title1" //everyone can see.
        Text:  "text1"  //only user1 can see

Doc2:
        Title: "title2" //everyone can see.
        Text:  "text2"  //only user2 can see


If I make a search(as user1) like "Title:title*" then I should get 2 hits
but I should not read the "Text" field of Doc2.

Am I correct?

DIGY.


-----Original Message-----
From: Granroth, Neal V. [mailto:neal.granr...@thermofisher.com] 
Sent: Wednesday, April 01, 2009 7:56 PM
To: lucene-net-user@incubator.apache.org
Subject: RE: Filtering queries

Storing user-id within the index is not a good plan.
It would force you to update the index every time user access rights change,
or as users are added and removed from the system.

Also, if I have read Brian's question correctly, it is not document access
that needs to be controlled but access to specific fields.

If there is a specific set of restricted fields then rather than filtering
the results after the search a better approach would be to programtically
alter the search criteria to search only those document fields that are not
restricted.

-- Neal




-----Original Message-----
From: Digy [mailto:digyd...@gmail.com]
Sent: Wednesday, April 01, 2009 10:36 AM
To: lucene-net-user@incubator.apache.org
Subject: RE: Filtering queries

Assuming that you can store the access rights related to a doc in a field
Like;
Doc1:
 Text: --> "text1"
 AccessRights: --> "user1 user2"

Doc2:
 Text: --> "text2"
 AccessRights: --> "user2 user3"

You can inject a "+AccessRights:User1" into the query user(user1 in this
case) supplied.

DIGY.



-----Original Message-----
From: Brian Victor [mailto:homeusen...@brianhv.org]
Sent: Wednesday, April 01, 2009 5:54 PM
To: lucene-net-user@incubator.apache.org
Subject: Filtering queries

We have a system in which access to documents is controlled by a
non-trivial authorization system most closely related to ACLs.  A user
is able to either see all the document's fields, a well-defined subset
of those fields, or none of the fields.

I need help figuring out how to get lucene to not search on fields of a
document that a user can't see.

I have found the Filter class.  In order to use this, it seems I need to
know the lucene document IDs of the documents that should be visible,
and from what I understand document IDs are not fixed so I can't store a
link between them and my database rows.

I have considered storing my database IDs in a lucene field on each
document.  What I can't figure out is how to guarantee that all search
results are in the set of database IDs that a user can see.  I can
retrieve that list of IDs; is there a way to have lucene filter on that
list?

Thanks!

--
Brian