mirror of
https://github.com/documize/community.git
synced 2025-08-08 15:05:28 +02:00
Implement category-based permissioning for search results
Only see what you can see. Co-Authored-By: Saul S <sauls8t@users.noreply.github.com>
This commit is contained in:
parent
ae50b889c5
commit
467acec3c4
5 changed files with 95 additions and 9 deletions
|
@ -14,8 +14,10 @@ package search
|
|||
import (
|
||||
"github.com/documize/community/domain"
|
||||
"github.com/documize/community/model/attachment"
|
||||
"github.com/documize/community/model/category"
|
||||
"github.com/documize/community/model/doc"
|
||||
"github.com/documize/community/model/page"
|
||||
sm "github.com/documize/community/model/search"
|
||||
)
|
||||
|
||||
// IndexDocument adds search indesd entries for document inserting title, tags and attachments as
|
||||
|
@ -103,3 +105,34 @@ func (m *Indexer) DeleteContent(ctx domain.RequestContext, pageID string) {
|
|||
|
||||
ctx.Transaction.Commit()
|
||||
}
|
||||
|
||||
// FilterCategoryProtected removes search results that cannot be seen by user
|
||||
// due to document cateogory viewing permissions.
|
||||
func FilterCategoryProtected(results []sm.QueryResult, cats []category.Category, members []category.Member) (filtered []sm.QueryResult) {
|
||||
filtered = []sm.QueryResult{}
|
||||
|
||||
for _, result := range results {
|
||||
hasCategory := false
|
||||
canSeeCategory := false
|
||||
|
||||
OUTER:
|
||||
|
||||
for _, m := range members {
|
||||
if m.DocumentID == result.DocumentID {
|
||||
hasCategory = true
|
||||
for _, cat := range cats {
|
||||
if cat.RefID == m.CategoryID {
|
||||
canSeeCategory = true
|
||||
continue OUTER
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if !hasCategory || canSeeCategory {
|
||||
filtered = append(filtered, result)
|
||||
}
|
||||
}
|
||||
|
||||
return
|
||||
}
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue