IndexTank how to handle permissions

Question

IndexTank how to handle permissions

It is ** LLO, Given the Indextank index, for example: class Threads <ActiveRecord :: Base has_many: permissions
enable tanker

tankit 'rails_3_demo' do indexes :content end after_save :update_tank_indexes after_destroy :delete_tank_indexes end

This index exists in my Thread model. The problem is threads that have permissions. Currently, if I allow the user to search by index, they will search all user threads. What is a smart way to handle permissions so that I can only search in the threads that the user has to access. Thanks **

SCHEMA:

 USER (id) PROJECT (id) PERMISSION (user_id, project_id) Thread (project_id)

As long as the user has a permission entry for the project, they can view all of these project flows.

+4

ruby-on-rails search ruby-on-rails-3 heroku

Theexit May 21 '11 at 16:47

source share

1 answer

Diego basch · Accepted Answer · 2011-05-22T07:29:22+0000

One way to do this is to also allow indexing and add "And permissions: [value]" in your queries, where value is the permissions that correspond to the user. Thus, the user will see only those results that have the correct permissions.

To provide you with more detailed information, I need to know your permission scheme, but, for example, your permission variable that you specified may be a string with words such as "root joe bob jim" for a stream that only these users can access .

IndexTank how to handle permissions

More articles: