Hi, SOLR-1834 is good when the original documents' ACL is accessible. SOLR-1872 is good where the usernames are persistent - neither of these really fit your use case. It sounds like you need more of an 'in-memory', transient access control mechanism. Does the access have to exist beyond the user's session (or the Solr vm session)? Your best bet is probably something like a custom SearchComponent or similar, that keeps track of user purchases, and either adjusts/limits the query or the results to suit. With your own module in the query chain, you can then decide when the 'expiry' is, and limit results accordingly.
SearchComponent's are pretty easy to write and integrate. Have a look at: http://wiki.apache.org/solr/SearchComponent for info on SearchComponent and its usage. On Tue, Jun 14, 2011 at 8:18 AM, Sujatha Arun <suja.a...@gmail.com> wrote: > Hello, > > > Our Use Case is as follows > > Several solr webapps (one JVM) ,Each webapp catering to one client .Each > client has their users who can purchase products from the site .Once they > purchase ,they have full access to the products ,other wise they can only > view details . > > The products are not tied to the user at the document level, simply because > , once the purchase duration of product expires ,the user will no longer > have access to that product. > > So a search for a product once the user logs in and searches for only the > products that he has access to Will translate to something like this . ,the > product ids are obtained form the db for a particular user and can run > into n number. > > <search term> &fq=product_id(100 10001 ......n number) > > but we are currently running into too many Boolean expansion error .We are > not able to tie the user also into roles as each user is mainly any one who > comes to site and purchases a product . > > Given the 2 solutions above as SOLR -1872 where we have to specify the user > in an ACL file and > query for allow and deny also translates to what we are trying to do above > > In Case of SOLR 1834 ,we are required to use a crawler (APACHE manifoldCF) > for indexing the Permissions(also the data) into the document and then > querying on it ,this will also not work in our scenario as we have n web > apps having the same requirement ,it would be tedious to set this up for > each webapp and also the requirement that once the user permission for a > product is revoked ,then he should not be able to search on the same within > his subscribed products. > > Any pointers would be helpful and sorry about the lengthy description. > > Regards > Sujatha >
