Hi, Apologies for resending this email but just wondering if I could get some input on the below. I am in the final stages of getting a proof of concept together and this is the final piece of the puzzle.
Sorry again for sending this! Cheers Amin On Fri, Sep 4, 2009 at 10:38 AM, Amin Mohammed-Coleman <ami...@gmail.com>wrote: > Hi > I include a testcase to show what I am trying to do. Testcase number 3 > fails. > > Thanks > Amin > > > On Fri, Sep 4, 2009 at 10:17 AM, Amin Mohammed-Coleman > <ami...@gmail.com>wrote: > >> Hi, >> >> I am looking at applying a security filter for our lucene document and I >> was wondering if I could get feedback on whether the solution I have come up >> with. Firstly I will explain the scenario and followed by the proposed >> solution: >> >> >> We have a concept of a Layer which is a project whereby a broker can trade >> with underwriters. A layer can have more than one underwriter working on >> this project therefore both underwriters can search for the same layer. The >> issue is the following: >> >> UWA signs business on a Layer L1 using a reference 'HELLO' >> >> UWB signs business on the same Layer L1 using a reference 'BYE' >> >> Both Underwriters are legitimately allowed to access the Layer L1 so the >> security rules will not remove any search hits for L1. However, if UWB >> searches for text 'HELLO' he should not get L1 in his search results as he >> is not to know that L1 includes a writer reference HELLO for UWA. In the >> simple case he will see this result. Now this is not acceptable for our >> case. >> >> The proposed solution is that we do the following: >> >> Document: >> uw-reference = HELLO >> uw-reference = BYE >> >> With additional field like >> >> uw-uwa = HELLO >> uw-uwb = BYE >> >> So when UWB performs a search of "HELLO" there will be an additional >> filter applied which would be like "uw-uwb:HELLO" so the final query would >> be like: >> >> uw-reference:HELLO + (uw-uwb:HELLO) (approximately) >> >> Th >> >> I created a test case to test this solution and it works. The problem is >> that if UWB searches for "HELLO" that exists in another field such as: >> data:HELLO then he should get a result. It's only when the query is >> matched on reference he should not see anything. My testcase fails when the >> match is made on the data field as the security filter does not pass (valid >> filter). Is there a way around this? Hope this made sense! >> >> Any advice would be highly appreciated >> > >
