Yep, that's what I'm suggesting as one possible approach to consider,
whether it will work or not depends on your specifics.
Character length in a token doesn't really matter for solr performance.
It might be less confusing to actually put "read update delete own" (or
whatever 'o' stands for) in a field, such that it will be tokenized so
each of those words is a seperate token. (Make sure you aren't stemming
or using synonyms, heh!).
Or instead of seperating a single string into tokens, use a multi-valued
String field, and put "read", "delete", etc in as seperate values. That
is actually more straightforward and less confusing than tokenizing.
Then you can just search for fq=permissions:read or whatever.
Again, whether this will actually work for you depends on exactly what
you're requirements are, but it's something to consider, before
resorting to weird patches. It will work in any Solr version.
The first approach to solving a problem in Solr should be trying to
think "Can I solve this by setting up my index in such a way that I can
ask the questions I want simply by asking if a certain token is in a
certain field?" Because that's what Solr does, basically, tell you if
certain tokens are in certain fields. If you can reduce the problem to
that, Solr will handle it easily, simply, and efficiently. Otherwise,
you might need weird patches. :)
On 1/19/2011 12:45 PM, Dennis Gearon wrote:
So, if I used something like r-u-d-o in a field (read,update,delete,others) I
could get it tokenized to those four characters,and then search for those in
that field. Is that what you're suggesting, (thanks by the way).
An article I read created a 'hybrid' access control system (can't remember if it
was ACL or RBAC). It used a primary system like Unix file system 9bit permission
for the primary permissions normally needed on most objects of any kind, and
then flagged if there were any other permissions and any other groups. It was
very fast for the primary permissons, and fast for the secondary.
Dennis Gearon
Signature Warning
----------------
It is always a good idea to learn from your own mistakes. It is usually a better
idea to learn from others’ mistakes, so you do not have to make them yourself.
from 'http://blogs.techrepublic.com.com/security/?p=4501&tag=nl.e036'
EARTH has a Right To Life,
otherwise we all die.
----- Original Message ----
From: Jonathan Rochkind<rochk...@jhu.edu>
To: "solr-user@lucene.apache.org"<solr-user@lucene.apache.org>
Sent: Wed, January 19, 2011 8:40:30 AM
Subject: Re: unix permission styles for access control
No. There is no built in way to address 'bits' in Solr that I am aware
of. Instead you can think about how to transform your data at indexing
into individual tokens (rather than bits) in one or more field, such
that they are capable of answering your query. Solr works in tokens as
the basic unit of operation (mostly, basically), not characters or bytes
or bits.
On 1/19/2011 9:48 AM, Dennis Gearon wrote:
Sorry for repeat, trying to make sure this gets on the newsgroup to 'all'.
So 'fieldName.x' is how to address bits?
Dennis Gearon
Signature Warning
----------------
It is always a good idea to learn from your own mistakes. It is usually a
better
idea to learn from others’ mistakes, so you do not have to make them yourself.
from 'http://blogs.techrepublic.com.com/security/?p=4501&tag=nl.e036'
EARTH has a Right To Life,
otherwise we all die.
----- Original Message ----
From: Toke Eskildsen<t...@statsbiblioteket.dk>
To: "solr-user@lucene.apache.org"<solr-user@lucene.apache.org>
Sent: Wed, January 19, 2011 12:23:04 AM
Subject: Re: unix permission styles for access control
On Wed, 2011-01-19 at 08:15 +0100, Dennis Gearon wrote:
I was wondering if the are binary operation filters? Haven't seen any in the
book nor was able to find any using google.
So if I had 0600(octal) in a permission field, and I wanted to return any
records that 'permission& 0400(octal)==TRUE', how would I filter that?
Don't you mean permission& 0400(octal) == 0400? Anyway, the
functionality can be accomplished by extending your index a bit.
You could split the permission into user, group and all parts, then use
an expanded query.
If the permission is 0755 it will be indexed as
user_p:7 group_p:5 all_p:5
If you're searching for something with at least 0650 your query should
be expanded to
(user_p:7 OR user_p:6) AND (group_p:7 OR group_p:5)
Alternatively you could represent the bits explicitly in the index:
user_p:1 user_p:2 user_p:4 group_p:1 group_p:4 all_p:1 all_p:5
Then a search for 0650 would query with
user_p:2 AND user_p:4 AND group_p:1 AND group_p:4
Finally you could represent all valid permission values, still split
into parts with
user_p:1 user_p:2 user_p:3 user_p:4 user_p:5 user_p:6 user_p:7
group_p:1 group_p:2 group_p:3 group_p:4 group_p:5
all_p:1 all_p:2 all_p:3 all_p:4 all_p:5
The query would be simply
user_p:6 AND group_p:5
