1
0
Fork 0
mirror of https://github.com/documize/community.git synced 2025-08-08 15:05:28 +02:00

Implement category-based permissioning for search results

Only see what you can see.

Co-Authored-By: Saul S <sauls8t@users.noreply.github.com>
This commit is contained in:
HarveyKandola 2018-06-22 17:01:26 +01:00
parent ae50b889c5
commit 467acec3c4
5 changed files with 95 additions and 9 deletions

View file

@ -14,8 +14,10 @@ package search
import (
"github.com/documize/community/domain"
"github.com/documize/community/model/attachment"
"github.com/documize/community/model/category"
"github.com/documize/community/model/doc"
"github.com/documize/community/model/page"
sm "github.com/documize/community/model/search"
)
// IndexDocument adds search indesd entries for document inserting title, tags and attachments as
@ -103,3 +105,34 @@ func (m *Indexer) DeleteContent(ctx domain.RequestContext, pageID string) {
ctx.Transaction.Commit()
}
// FilterCategoryProtected removes search results that cannot be seen by user
// due to document cateogory viewing permissions.
func FilterCategoryProtected(results []sm.QueryResult, cats []category.Category, members []category.Member) (filtered []sm.QueryResult) {
filtered = []sm.QueryResult{}
for _, result := range results {
hasCategory := false
canSeeCategory := false
OUTER:
for _, m := range members {
if m.DocumentID == result.DocumentID {
hasCategory = true
for _, cat := range cats {
if cat.RefID == m.CategoryID {
canSeeCategory = true
continue OUTER
}
}
}
}
if !hasCategory || canSeeCategory {
filtered = append(filtered, result)
}
}
return
}