Kentico: Filter by permissions: Setup
In this article you'll find:
Goal
The purpose of this article is to provide you with a step-by-step guide on how to configure the permission filtering functionality.
Prerequisite
Configured connector - Kentico: System Settings Setup
Indexing API overview - Kentico: Indexing API Overview
Steps to configure permission filtering
From the application selector side menu (F2 or button top left) choose the Settings application.
Go to Integration / Hawksearch where you’ll find the settings for the connector.
Make sure Use permission filtering is enabled.
From the application selector side menu (F2 or button top left) choose the Roles application.
Create a role called Unauthenticated Users.
From the application selector side menu (F2 or button top left) choose the Users application.
Edit the public user.
Go to their roles on the menu on the left and assign them the role you just created.
Create or use an existing Page Type to create two separate pages in the Pages application for you to index.
In the Pages application, click on one of the pages you just created then click on Properties / Security.
Add the new role to the list and make sure you check the Allow Read on the access rights.
Repeat the process, but for the second page and this time make sure you check the Deny Read on the access rights.
Re-index the index - Kentico: Indexing API Overview
Go to the live MVC application after setting up the widgets - Kentico: Working with widgets .
Perform a search.
If everything worked correctly, you should not see the page you denied permissions for.
How it works
Search Workflow
When filtering is active the connector exposes endpoints for the search and autocomplete requests making it work as a proxy, so all of the search and autocomplete request are sent directly to Kentico.
Typing in the search box sends a request to Kentico autocomplete endpoint, searching sends a request to Kentico search endpoint.
On it’s end Kentico makes a server-side call to the Hawksearch API with the following parameters :
- Client ID, Index name, Keyword, Page number, Sort By, Boost and Bury etc.
- Query - contains information about the current user rolesThe Hawksearch API then responds with a set of results depending on the parameters sent:
- It uses the Query parameter to determine which results should be sent back - it compares the user roles to the permissions for each result. If the user is denied access to a specific result it is not sent back.Kentico then passes these results to the Hawksearch results widget to be displayed on the frontend
Indexing Workflow
There are many operations that need to be executed in order to provide the user with the proper results such as filtering by permissions, paging, boosting certain results.
Indexing
When the index is created and Filter by Permissions is turned on in the Hawksearch configuration each document is sent with fields specifying which roles are permitted to view the document. As mentioned in the Search Workflow when a search request is made it contains the roles of the user making the request. Hawksearch then compares these roles with the permissions of each document and determines whether the user can view the document.