Well you've at least confirmed what I was thinking :).
I am using payloads now for this and I think I have something very basic
working. The results don't get dropped out when the scores are 0 so I had
to also write a custom collector that could be plugged into the
AnalyticQueryAPI (maybe there i
bq: Your "ugly problem" is my situation I think ;)
No, your problem is much worse ;(
The _contents_ of fields are restricted, which is
horrible.
OK, here's another idea out of waaay left field: Payloads.
It hinges on there being an OK number of possible combinations
which seems to be the ca
Sorry for being vague, I'll try to explain more. In my use case a
particular field does not have a security control, it's the data in the
field. So for instance if I had a schema with a field called name, there
could be data that should be secured at A, B, A&B, A|B, etc within that
field. So aga
I'm not quite getting it here. I'm guessing that you do not
allow fielded queries or you strictly control the fields a user
sees to pick from. Otherwise your security stuff goes out the
window, say you have a drop-down list of fields to choose from
or something.
Assuming you do NOT have such a thi
Looks like this may be what I'm looking for
*SolrRequestInfo*
I have not tried this yet but looks promising.
Assuming this works, thinking about your suggestion I would need to rewrite
the users query with the appropriate fields, are there any utilities for
doing this? I'd be looking to rewrite
I answered my own question, looks like the field infos are always read
within the IndexSearcher so that cost is already being paid.
I would potentially have to duplicate information in multiple fields if it
was present at multiple authorization levels, is there a limit to the
number of fields with
I had thought about this in the past, but thought it might be too
expensive. I guess in a search component I could look up all of the fields
that are in the index and only run queries against fields they should be
able to see once I know what is in the index (this is what you're
suggesting right?)
Why don't you handle it all at the app level? Here's what I mean:
I'm assuming that you're using edismax here, but the same principle
applies if not.
Your handler (say the "/select" handler) has a "qf" parameter which defines
the fields that are searched over in the absence of a field qualifier,
