Document-level Permissions Approach


(Jori-2) #1

Hi,

I have a question about how to implement the following in ElasticSearch:

  1. Tokens can be a User IDs, Organization IDs, and Group IDs.
    (To make this example easier to follow I am using single-character tokens
    but in reality they are 16-character long strings that are the
    Base64-encoding of 12-byte MongoDB IDs. There is also a unique Public ID
    which all public documents have and which all queries can access.)
  2. Each user has access to a list of tokens they are authorized to
    access.
  3. Each document has a list of tokens that are authorized to access
    it.

I tried to do something like the following:

SAMPLE DOCUMENT

{
content: "Some sample text",
auth: [ "A", "C", "D" ]
}

SAMPLE QUERY

{
"query": {
"filtered": {
"query": {
"query_string": { "query": "sample" }
},
"filter": {
"terms": { "auth": [ "A", "B" ] }
}
}
}
}

This query is not working for me. I am trying to use terms to basically
to do an array/array intersection test but it seems like it can only do a
single-value/array intersection test since the example works if I replace:

auth: [ "A", "C", "D" ]

with

auth: "A"

Is there a way to make terms work with this or should I be taking a
different approach?

Thank you!

p.s. Thanks for/to ElasticSearch and its community.


(Hendrik) #2

Maybe this is interesting
https://groups.google.com/forum/?fromgroups#!topic/elasticsearch/tavroa3Nw5g

Am Mittwoch, 11. Juli 2012 16:58:01 UTC+2 schrieb Jori:

Hi,

I have a question about how to implement the following in ElasticSearch:

  1. Tokens can be a User IDs, Organization IDs, and Group IDs.
    (To make this example easier to follow I am using single-character tokens
    but in reality they are 16-character long strings that are the
    Base64-encoding of 12-byte MongoDB IDs. There is also a unique Public ID
    which all public documents have and which all queries can access.)
  2. Each user has access to a list of tokens they are authorized to
    access.
  3. Each document has a list of tokens that are authorized to
    access it.

I tried to do something like the following:

SAMPLE DOCUMENT

{
content: "Some sample text",
auth: [ "A", "C", "D" ]
}

SAMPLE QUERY

{
"query": {
"filtered": {
"query": {
"query_string": { "query": "sample" }
},
"filter": {
"terms": { "auth": [ "A", "B" ] }
}
}
}
}

This query is not working for me. I am trying to use terms to
basically to do an array/array intersection test but it seems like it can
only do a single-value/array intersection test since the example works if I
replace:

auth: [ "A", "C", "D" ]

with

auth: "A"

Is there a way to make terms work with this or should I be taking a
different approach?

Thank you!

p.s. Thanks for/to ElasticSearch and its community.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.


(system) #3