On Tue, Nov 18, 2014 at 3:47 PM, Philip Durbin <philip_dur...@harvard.edu> wrote: > Solr JOINs are a way to enforce simple document security, as explained > by Yonik Seeley at > http://lucene.472066.n3.nabble.com/document-level-security-filter-solution-for-Solr-tp4126992p4126994.html > > I'm trying to tweak this pattern so that I don't have to keep the > security information in each of my primary Solr documents. > > I just posted the gist at > https://gist.github.com/pdurbin/4d27fea7b431ef3bf4f9 as an example of > my working Solr JOIN based on data in `before.json` . Permissions per > user are embedded in the primary documents like this: > > { > "id": "dataset_3", > "perms_ss": [ > "alice", > "bob" > ] > }, > { > "id": "dataset_4", > "perms_ss": [ > "alice", > "bob", > "public" > ] > }, > > User document have been created to do the JOIN on: > > { > "id": "alice", > "groups_s": "alice" > }, > > The JOIN looks like this: > > {!join+from=groups_s+to=perms_ss}id:public+OR+{!join+from=groups_s+to=perms_ss}id:alice
It would probably be faster written as a single join: fq={!join+from=groups_s+to=perms_ss}id:(public alice) Or, if you're using Heliosearch you could cache the filters separately for better hit rates on commonly used perms via the "filter" keyword: fq=filter({!join+from=groups_s+to=perms_ss}id:public) OR filter({!join+from=groups_s+to=perms_ss}id:alice) -Yonik http://heliosearch.org - native code faceting, facet functions, sub-facets, off-heap data