Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 17 Next »

Goal

This article provides information about the functionality, configuration and workflow behind the filter by permissions feature of the Sitefinity connector.

Prerequisite

Configured Connector - Configure Hawksearch

Steps to configure filtering by Permissions

  1. Open the Sitefinity backend, create a user - Sitefinity permissions overview

  2. Assign that user a role by editting the user profile or by click Assign to role

  3. Edit the permission for that role so that the user cannot view a certain content type e.g News

  4. Go to Content and create one blog post and one news (your-site-domain/Sitefinity/adminapp/content/newsitems)

  5. Go to Administration → Search Indexes , create an index and reindex (your-site-domain/Sitefinity/Administration/Search)

  6. Create a Sitefinity page and open it for editting (your-site-domain/Sitefinity/adminapp/pages)

  7. Place the Hawksearch box and Hawksearch results widgets

  8. Open the widget designer of each widget and click the Filter by permissions checkbox

  9. Under Where to search choose the newly created index and save the changes

  10. Open the page in the Frontend and search for the news that was created

It is not necessary to create an index for the Filter by Permissions functionality to work.

How it works

Search Workflow

When filtering is active the connector exposes endpoints for the search and autocomplete queries making it work as a proxy, so all of the search and autocomplete request are sent directly to Sitefinity.

  1. Typing in the search box sends a request to Sitefinity’s autocomplete endpoint, searching sends a request to Sitefinity’s search endpoint.

  2. On it’s end Sitefinity makes a server-side call to the Hawksearch API with the following parameters :

-Client ID, Index name, Keyword, Page number, Sort By, Boost and Bury etc.

3. The Hawksearch API then responds with a set of results depending on the parameters sent

3. Sitefinity then resolves the current user’s identity and evaluates the permissions he has

4. The user’s permissions are then used to filter the set of results server-side

5. After the filtering is completed the results are displayed to the user though the Hawksearch results widget.

By filtering the results on the server the request cannot be intercepted client-side therefore making sure the results cannot be seen before they were filtered.

Indexing Workflow

There are many operations that need to be executed in order to provide the user with the proper results such as filtering by permissions, paging, boosting certain results.

  • Filtering by Permissions

Hawksearch doesn’t hold the user’s role data so the filtering by permission is done on behalf of Sitefinity. When the Hawksearch API returns a set of results, Sitefinity checks the current user’s identity and all of the roles that are assigned to him. Then for each result that the Hawksearch API sent Sitefinity checks whether the current user is granted permissions to see it, if not that result is removed. When all of the results have been checked the final result set is sent to the Hawksearch widgets.

  • Paging

The paging is done on behalf of Hawksearch and depends on the following parameters that Sitefinity sends : page number, max results per page, sort by. Hawksearch then uses there parameters to return the correct set of results.

  • Boosting

If boosting is active Hawksearch introduces a functionality to Boost and Bury certain results depending on rules that can be created in the Hawksearch Dashboard.

  • No labels