On Tue, Nov 18, 2014 at 3:47 PM, Philip Durbin
<philip_dur...@harvard.edu> wrote:
> Solr JOINs are a way to enforce simple document security, as explained
> by Yonik Seeley at
> http://lucene.472066.n3.nabble.com/document-level-security-filter-solution-for-Solr-tp4126992p4126994.html
>
> I'm trying to tweak this pattern so that I don't have to keep the
> security information in each of my primary Solr documents.
>
> I just posted the gist at
> https://gist.github.com/pdurbin/4d27fea7b431ef3bf4f9 as an example of
> my working Solr JOIN based on data in `before.json` . Permissions per
> user are embedded in the primary documents like this:
>
> {
> "id": "dataset_3",
> "perms_ss": [
> "alice",
> "bob"
> ]
> },
> {
> "id": "dataset_4",
> "perms_ss": [
> "alice",
> "bob",
> "public"
> ]
> },
>
> User document have been created to do the JOIN on:
>
> {
> "id": "alice",
> "groups_s": "alice"
> },
>
> The JOIN looks like this:
>
> {!join+from=groups_s+to=perms_ss}id:public+OR+{!join+from=groups_s+to=perms_ss}id:alice
It would probably be faster written as a single join:
fq={!join+from=groups_s+to=perms_ss}id:(public alice)
Or, if you're using Heliosearch you could cache the filters separately
for better hit rates on commonly used perms via the "filter" keyword:
fq=filter({!join+from=groups_s+to=perms_ss}id:public) OR
filter({!join+from=groups_s+to=perms_ss}id:alice)
-Yonik
http://heliosearch.org - native code faceting, facet functions,
sub-facets, off-heap data
