The second option is actually possible, and actually easiest in terms of letting Solr do the most work. Presumably you have some web-app facing the user, you could pre-calculate the list of authorized viewers there on some kind of session basis.
Be careful, however, that this list of IDs doesn't grow unbounded. Anything up to several hundred is probably OK, but thousands gets to be problematical. The other thing to consider here is whether the list of authorized users changes much. The downside is that you have to index the authorized users with the document. So if I have 10,000 docs and add someone to my friend list, you have to re-index all 10,000 docs. Complex Solr queries... don't quite know what that would look like. My rule of thumb is that when I try to make Solr behave like a DB through queries...it's probably wrong. There is another option, the "no cache" filter queries, see: https://issues.apache.org/jira/browse/SOLR-2429 This was actually designed for ACL checking. You say you're relatively new to Solr, so making sense of this may be a bit daunting. The basic idea is that you can implement a PostFilter where each matching document, after all other selection criteria have been met, is sent to your code which can then give a go-no go answer. This keeps all the facets etc. accurate. Best Erick On Sat, Mar 31, 2012 at 9:57 AM, dbenjamin <benjamin.du...@gmail.com> wrote: > Hi, > > I'm relatively new to Solr, new in the way that i already used Solr several > times but always with a very simple approach, meaning simple fulltext search > with faceting and filtering. > > Today, i've to go a bit further and before i do, i'd like to get your point > of view ;-) > > I need to index users and user contents that are subject to privacy levels > like for instance : > > * Anyone > * Only me > * Only my friends > * Only people i choose > > ...really classic. > > So, when an user searches for contents on the website, in the results, we > can't show him the content elements he is not allowed to see. > > My first thought was : "There might be a way to do that with complex solr > queries" > > So i start reading the documentation, and i have to say that i understand > half of the things i read :-) > > And then, a new idea came to my mind. I was thinking about this process : > > 1- The user submits the search form with his keywords > 2- I prepare a classic fulltext search query > 3- I compute some way the friend list of the current user > 4- I add a filter to the Solr query with the result of that > 5- I send the query > > While this seems reasonable since i can add some cache system in the way to > avoid computing the friend list each time, i don't know why, it doesn't feel > right ;-) > > The other way would be to index users and users friends and somehow letting > solr doing all the job. > > What do you think ? Is the second solution even possible ? > > > Thanks ! > Br, > > Benjamin. > > -- > View this message in context: > http://lucene.472066.n3.nabble.com/Content-privacy-search-index-tp3873462p3873462.html > Sent from the Solr - User mailing list archive at Nabble.com.