Handling security issues will be an integral part of Global Search. The last thing we want is users gaining access to prohibited records through search. It will be a huge blow to the project if users get access to documents that they are not permitted to view. To prevent this, the results will be filtered after the XML query response is received from the Solr server.

Here, I will be using 3 cases for every search result:

  • SEARCH_ACCESS_GRANTED

  • SEARCH_ACCESS_DENIED

  • SEARCH_ACCESS_DELETED

I will check for every result whether the user has access to view it. If the user doesn’t have access (SEARCH_ACCESS_DENIED), that result will not be shown to the user. Otherwise, if the user has permission to view the result (SEARCH_ACCESS_GRANTED), the record will be further checked to see whether it has been deleted.

  • If it has been deleted (SEARCH_ACCESS_DELETED), the index will be updated by deleting that document from the index using deleteByQuery('id:'.$docid).

  • If the record still exists, the result is then displayed to the user.

We will fetch only 1000 results from the Solr response object for a query ($query->setRows(1000)) and check each for access. Once we have 100 results to show to the user (each with SEARCH_ACCESS_GRANTED), permission checking stops and those 100 results are displayed.
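
The filtering pass described above, sketched as an added example (not code from this proposal or from the project). The constant values, the function name and the three callbacks ($canview, $exists, $deletefromindex) are assumptions made for illustration; the sample documents are constructed.

```php
<?php
// Constructed values: the page names the three cases but not their values.
const SEARCH_ACCESS_DENIED  = 0;
const SEARCH_ACCESS_GRANTED = 1;
const SEARCH_ACCESS_DELETED = 2;

/**
 * Reduce the documents fetched from Solr (up to 1000) to at most $limit
 * results the current user may see. All three callbacks are hypothetical.
 */
function filter_search_results(array $docs, callable $canview, callable $exists,
                               callable $deletefromindex, int $limit = 100): array {
    $visible = [];
    foreach ($docs as $doc) {
        if (count($visible) >= $limit) {
            break; // Enough results collected; stop running permission checks.
        }
        // Permission first, then existence, in the order the text describes.
        $status = SEARCH_ACCESS_DENIED;
        if ($canview($doc)) {
            $status = $exists($doc) ? SEARCH_ACCESS_GRANTED : SEARCH_ACCESS_DELETED;
        }
        switch ($status) {
            case SEARCH_ACCESS_GRANTED:
                $visible[] = $doc;
                break;
            case SEARCH_ACCESS_DELETED:
                // Stale index entry: purge it and never display it.
                // A real id must be escaped before being placed in a query.
                $deletefromindex('id:' . $doc['id']);
                break;
            default:
                break; // Denied or unknown status: fail closed, show nothing.
        }
    }
    return $visible;
}

// Constructed sample standing in for documents from the Solr response.
$docs = [
    ['id' => 'forum_1', 'owner' => 'alice', 'live' => true],
    ['id' => 'forum_2', 'owner' => 'bob',   'live' => true],
    ['id' => 'wiki_3',  'owner' => 'alice', 'live' => false],
    ['id' => 'wiki_4',  'owner' => 'alice', 'live' => true],
];
$purged = [];
$shown = filter_search_results($docs, fn($d) => $d['owner'] === 'alice',
    fn($d) => $d['live'], function (string $q) use (&$purged) { $purged[] = $q; }, 2);
echo implode(',', array_column($shown, 'id')), "\n", implode(',', $purged), "\n";
```

Because filtering happens after the query, the hit count reported by Solr still includes documents the user cannot view, so any total shown to the user should be derived from the filtered list.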