Filter by Permissions: Setup

Goal

This article provides information about the functionality, configuration and workflow behind the filter by permissions feature of the Sitefinity connector.

Prerequisite

Configured Connector - Connector: Applying Settings

 

Steps to configure filtering by Permissions

  1. Open the Hawksearch settings (Administration → Settings → Hawksearch) and select the Filter By Permissions checkbox.

  2. Open the Sitefinity backend and create a role under (your-site-domain/Sitefinity/Administration/Roles)

  3. Open the Sitefinity backend and create a user under (your-site-domain/Sitefinity/Administration/Users)

  4. Assign the user the newly created role

  5. Go to Content and create one blog post and one news article

  6. Edit the permission for that role so that the user cannot view the News article you created

  • In the right side menu on the News page open Set permissions

  • Under who can view news press Change

  • Check the advanced checkbox and add the role(s) you wish to deny

7. Go to Administration → Search Indexes, create an index and reindex (your-site-domain/Sitefinity/Administration/Search)

8. Create a Sitefinity page and open it for editing (your-site-domain/Sitefinity/adminapp/pages)

9. Place the Hawksearch box and Hawksearch results widgets

10. Open the widget designer of each widget and click the Filter by permissions checkbox

11. Under Where to search? choose the newly created index and save the changes

12. Log in as the newly created user

13. Open the page in the frontend and search for the content you created - it should not be visible

The Hawksearch config exposes a checkbox which specifies whether permissions and denials fields should be added to each document that is being indexed. These fields specify which user roles are permitted to view the document and which are denied. This checkbox is selected by default.

 

How it works


Search Workflow

When filtering is active, the connector exposes endpoints for the search and autocomplete requests, making it work as a proxy, so all search and autocomplete requests are sent directly to Sitefinity.

  1. Typing in the search box sends a request to Sitefinity’s autocomplete endpoint; searching sends a request to Sitefinity’s search endpoint.

  2. On its end, Sitefinity makes a server-side call to the Hawksearch API with the following parameters:

  • Client ID, Index name, Keyword, Page number, Sort By, Boost and Bury etc.

  • Query - contains information about the current user roles

3. The Hawksearch API then responds with a set of results depending on the parameters sent:

  • It uses the Query parameter to determine which results should be sent back - it compares the user roles to the permission and denials for each result. If the user is denied access to a specific result it is not sent back.

4. Sitefinity then passes these results to the Hawksearch results widget to be displayed on the frontend
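
The comparison of user roles against each document's permission and denial fields, modelled as an added example (not Hawksearch or Sitefinity code). The field names, the role and user IDs, and the rule that a user holding no permitted role is excluded are assumptions made for illustration.

```python
# Added illustration: a model of the permission filter, not Hawksearch or Sitefinity code.
# Field names ("permissions", "denials") and every ID below are constructed assumptions.
from dataclasses import dataclass


@dataclass(frozen=True)
class Doc:
    title: str
    permissions: frozenset            # role IDs permitted to view the document
    denials: frozenset = frozenset()  # role IDs and/or user IDs denied


def can_view(doc, user_id, roles):
    """A denial wins over a permission; a user with no permitted role is excluded."""
    principals = set(roles) | {user_id}
    if doc.denials & principals:
        return False
    return bool(doc.permissions & set(roles))


def search(index, keyword, session, page=1, per_page=10):
    """Filter before paging, so a denied document never occupies a slot on any page."""
    # Roles are read from the server-side session only, never from the browser request.
    hits = [d for d in index
            if keyword.lower() in d.title.lower()
            and can_view(d, session["user_id"], session["roles"])]
    start = (page - 1) * per_page
    return [d.title for d in hits[start:start + per_page]]


# Constructed sample index mirroring the setup steps: one blog post, one news article
# with a denied role, plus a role-restricted and a user-denied document.
EVERYONE, EDITORS, RESTRICTED = "role-everyone", "role-editors", "role-restricted"
INDEX = [
    Doc("Quarterly blog post", frozenset({EVERYONE})),
    Doc("Quarterly news article", frozenset({EVERYONE}), frozenset({RESTRICTED})),
    Doc("Quarterly draft notes", frozenset({EDITORS})),
    Doc("Quarterly memo", frozenset({EVERYONE}), frozenset({"user-42"})),
]

if __name__ == "__main__":
    restricted_user = {"user_id": "user-7", "roles": [EVERYONE, RESTRICTED]}
    print(search(INDEX, "quarterly", restricted_user))
```

The same check has to run for autocomplete requests as well as search requests; otherwise titles of denied documents can still surface as suggestions.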

Indexing Workflow

Several operations need to be executed in order to provide the user with the proper results, such as filtering by permissions, paging, and boosting certain results.

  • Indexing

When the index is created and Filter by Permissions is turned on in the Hawksearch configuration, each document is sent with fields specifying which roles are permitted to view the document and which roles and/or user IDs are not allowed to view it. As mentioned in the Search Workflow, a search request contains the roles of the user making the request. Hawksearch then compares these roles with the permissions of each document and determines whether the user can view the document.

Documents have a permissions field with the IDs:

  • Paging

Paging is performed by Hawksearch and depends on the following parameters that Sitefinity sends: page number, max results per page, sort by. Hawksearch then uses these parameters to return the correct set of results.

  • Boosting

If boosting is active, Hawksearch provides functionality to Boost and Bury certain results depending on rules that can be created in the Hawksearch Dashboard.