Goal
This article provides information about the functionality, configuration and workflow behind the filter by permissions feature of the Sitefinity connector.
Prerequisite
Configured Connector - Configure Hawksearch
Steps to configure filtering by Permissions
Open the Sitefinity backend, create a user (your-site-domain/Sitefinity/Administration/Users)
Assign that user a role by editting the user profile or by click Assign to role
Edit the permission for that role so that the user cannot view a certain content type e.g News
Go to Content and create one blog post and one news (your-site-domain/Sitefinity/adminapp/content/newsitems)
Go to Administration → Search Indexes , create an index and reindex (your-site-domain/Sitefinity/Administration/Search)
Create a Sitefinity page and open it for editting (your-site-domain/Sitefinity/adminapp/pages)
Place the Hawksearch box and Hawksearch results widgets
Open the widget designer of each widget and click the Filter by permissions checkbox
Under Where to search choose the newly created index and save the changes
Open the page in the Frontend and search for the news that was created
Filter by permissions workflow
When filtering is active the connector exposes endpoints for the search and autocomplete queries making it work as a proxy.
Typing in the search box triggers the connector’s autocomplete endpoint, searching triggers the connector's search endpoint.
A server-side call to the Hawksearch API is made which returns the results for that request.
The user’s permissions are evaluated and used to filter the results server-side.
After the filtering is completed the results are displayed to the user though the Hawksearch results widget.
By filtering the results on the server the request cannot be intercepted client-side therefore making sure the results cannot be seen before they were filtered.