Hi, I am not sure what's the underlying logic of document level permission. I suppose it's something like:
- get the permission list of current user
- construct a
terms filteron field_allow_permissions
This search logic is easy for:
- super-admin user: he could read any documents, no permisson filters at all.
- normal user: he could read part of documents, with several permisson filters.
But when it comes a second level admin user, things get difficult. Say we have 10,000 unique permissons, he could access 7,000 permissions among. I worry about the performance if we construnct a 7,000 length terms filter.
So is there any other delicated design underlying the document level permission logic?