Hi, I am looking at applying a security filter for our lucene document and I was wondering if I could get feedback on whether the solution I have come up with. Firstly I will explain the scenario and followed by the proposed solution:
We have a concept of a Layer which is a project whereby a broker can trade with underwriters. A layer can have more than one underwriter working on this project therefore both underwriters can search for the same layer. The issue is the following: UWA signs business on a Layer L1 using a reference 'HELLO' UWB signs business on the same Layer L1 using a reference 'BYE' Both Underwriters are legitimately allowed to access the Layer L1 so the security rules will not remove any search hits for L1. However, if UWB searches for text 'HELLO' he should not get L1 in his search results as he is not to know that L1 includes a writer reference HELLO for UWA. In the simple case he will see this result. Now this is not acceptable for our case. The proposed solution is that we do the following: Document: uw-reference = HELLO uw-reference = BYE With additional field like uw-uwa = HELLO uw-uwb = BYE So when UWB performs a search of "HELLO" there will be an additional filter applied which would be like "uw-uwb:HELLO" so the final query would be like: uw-reference:HELLO + (uw-uwb:HELLO) (approximately) Th I created a test case to test this solution and it works. The problem is that if UWB searches for "HELLO" that exists in another field such as: data:HELLO then he should get a result. It's only when the query is matched on reference he should not see anything. My testcase fails when the match is made on the data field as the security filter does not pass (valid filter). Is there a way around this? Hope this made sense! Any advice would be highly appreciated
