in reply to OT: WebApp Authorization Question

How do I build a document db with lucene, but tell the search engine that only certain roles can see certain docs?

When I encountered this issue with Plucene, a Perl port of Lucene, I simply included a "userids" field with each document, which was a space-separated list of the id numbers of users allowed to see that document.

I had to make sure my Plucene tokenizer class considered numbers a word constituent rather than word boundary, which was not the default.

Then, when the user performed a search, my script would programmatically add a clause requiring that the user's user_id be present in that document's userids field. This was done using various classes and methods of Plucene; I did NOT just concatenate to the search string, which could have some issues. That said, what I did is roughly the same as adding " AND userid:5" to each search.

In your case, you could have a similar field, called "role_ids".
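
The approach described in the post above, as an added example that is not part of the original post and does not use Plucene's API: a toy in-memory index in Python where the ACL clause is attached to a query object instead of being concatenated to the search string. All names (`DOCS`, `Term`, `AllOf`, `AnyOf`, `search`) and the sample documents are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample documents; "userids" is the space-separated ACL field from the post.
DOCS = [
    {"id": 1, "body": "quarterly budget report", "userids": "5 12"},
    {"id": 2, "body": "budget draft for review", "userids": "15 50"},
    {"id": 3, "body": "holiday schedule", "userids": "5"},
]

def tokenize(text):
    # Digits are word constituents, so "15" stays one token and never matches "5".
    return set(re.findall(r"[a-z0-9]+", text.lower()))

@dataclass(frozen=True)
class Term:
    field: str
    text: str
    def matches(self, doc):
        return self.text in tokenize(doc[self.field])

@dataclass(frozen=True)
class AllOf:  # every clause is required
    clauses: tuple
    def matches(self, doc):
        return all(c.matches(doc) for c in self.clauses)

@dataclass(frozen=True)
class AnyOf:  # at least one clause must match
    clauses: tuple
    def matches(self, doc):
        return any(c.matches(doc) for c in self.clauses)

def parse_user_query(text):
    # User input only ever becomes terms on the "body" field;
    # it cannot name other fields or introduce operators.
    return AnyOf(tuple(Term("body", t) for t in tokenize(text)))

def search(user_text, user_id):
    # Assumption: user_id comes from the authenticated session, not from the request.
    user_id = int(user_id)
    # The ACL clause is added to the query object, outside anything the user typed.
    query = AllOf((parse_user_query(user_text), Term("userids", str(user_id))))
    return [d["id"] for d in DOCS if query.matches(d)]
```

For roles, the same structure applies with a "role_ids" field and one required clause that matches any of the session user's role ids.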

Re^2: OT: WebApp Authorization Question
by Anonymous Monk on May 08, 2006 at 06:04 UTC
    When I encountered this issue with Plucene, a Perl port of Lucene, I simply included a "userids" field with each document, which was a space-separated list of the id numbers of users allowed to see that document.

    The only concern with this mechanism is the ease of updating the "userids" field. If the user list changes often, this becomes a lot of work to maintain.

    That said, what I did is roughly the same as adding " AND userid:5" to each search.

    On the other hand, if you have your search compare the permissions associated with the userid to those allowed (and have dealt with the possible problems of spoofed messages), then you're right, it becomes a relatively simple, easily maintained db.

    (Note: I'm utterly unfamiliar with Lucene or the actual tools you've used. The above comments are what came to mind as a programmer, considering the question posed).