I want to defeat somebody who might name their domain/resource,
"group_targetGroup_resource_permission",
which if allowed, would allow them to match permission queries based on
'targetGroup' or 'targetGroup_resource_permission'.
Forcing the searched for string in a list of permissions to BEGIN at the
beginning of the string would be what I am after.
I COULD prefix each permission with a punctuation character, disallowing
it INSIDE of group, resource, or permission names, and may yet do that.
Ex.
{
"name":"some name",
"permissions":[
"~group_resource_permission",
"~group_resource_permission",
"~group_resource_permission",
]
}
AUTHORIZATION_ANCHOR="~";
AUTHORIZATION_ELEMENT_SEPARATOR="_";
Then queries/filters are post pended with an additional term for
permissions:
" AND " + AUTHORIZATION_ANCHOR + user.group() +
AUTHORIZATION_ELEMENT_SEPARATOR + Optional_resource +
AUTHORIZATION_ELEMENT_SEPARATOR + optional_permission;
But it's cooler and a good learning experience to gain the knowledge on how
to do it in a query/filter.
In any case, which will be faster, and which will use less memory, a query
based approach, or a filter based approach? (I don't need or want ranking
based on permissions).
I actually did not put a query in my email. Those were JSON representations
of Java class attributes. I don't have a preference over query string vs
Query DSL.
What I was trying to say in my original post is that I'd like to at least
search for exact match of a substring, which starts at the beginning of the
string. And I'd like to do that in an array, if possible, but I could do it
in a long string also.
On Thursday, May 10, 2012 1:06:50 AM UTC-5, kimchy wrote:
You could just have the permissions field to be not_analyzed in the
mappings, and then it will do an exact match. Is that what you are after?
Regarding filters vs. queries, filters are cached, so if you have
a recurring cases of permissions, then filters make more sense.
Last, why do you build your query using the query parser string syntax?
Things like that are perfect for building it using the query DSL.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.