2

Do you have any suggestions how to perform authorization of elasticsearch results (using tire) with cancan?

My approach would be to let cancan load and authorize the models and pass in all authorized ids to the tire search or maybe the other way around.

What do you think?

spas
  • 1,914
  • 14
  • 21

1 Answers1

5

A proper answer would need a bit more code to understand your situation correctly.

But, generally, as an example:

  1. You'd store the user ID(s) for users who can access/manipulate a document directly in the document (eg. author_ids property)
  2. You'd pass the user ID (based on the current_user.id value) to a term/terms filter.
  3. Alternatively, you can use a boolean query, but filters would be faster and more effiecient.
  4. Your results are filtered.

Note, that there are many more possible approaches with elasticsearch and Tire, for instance:

  1. You use the “filtered aliases” feature in elasticsearch, to set up a “virtual” index for each user, automatically filtered on the elasticsearch layer.
  2. You inject this index name to searches in Tire.
Shadwell
  • 34,314
  • 14
  • 94
  • 99
karmi
  • 14,059
  • 3
  • 33
  • 41
  • I have multiple facets and I'm running a geo_distance filter on them... does tire allow to create multiple facet filters? I just see the option for one... – spas Jul 26 '12 at 14:22
  • The `filter` DSL method is just a tiny wrapper around a Ruby Hash, so the `facet_filter` Hash key should take whatever elasticsearch itself takes; https://github.com/karmi/tire/blob/master/test/integration/facets_test.rb#L52 [Please file an issue with example if that would not be the case] – karmi Jul 28 '12 at 08:29