Goal
This article provides information about the functionality, configuration and workflow behind the filter by permissions feature of the Sitefinity connector.
Prerequisite
Configured Connector - Configure Hawksearch
Steps to configure filtering by Permissions
Open the Sitefinity backend, create a user and assign him a role
Edit the permission for that role so that the user cannot view a certain content type e.g News
Go to Content and create one blog post and one news
Go to Administration → Search Indexes , create an index and reindex
Create a Sitefinity page and open it for editting
Place the Hawksearch box and Hawksearch results widgets
Open the widget designer of each widget and click the Filter by permissions checkbox
Under Where to search choose the newly created index and save the changes
Open the page in the Frontend and search for the news that was created
Filter by permissions workflow
When filtering is active the connector exposes endpoints for the search and autocomplete queries making it work as a proxy.
Typing in the search box triggers the connector’s autocomplete endpoint, searching triggers the connector's search endpoint.
A server-side call to the Hawksearch API is made which returns the results for that request.
The user’s permissions are evaluated and used to filter the results server-side.
After the filtering is completed the results are displayed to the user though the Hawksearch results widget.
By filtering the results on the server the request cannot be intercepted client-side therefore making sure the results cannot be seen before they were filtered.