Gravatar for george.chang@perficient.com

Question by georgechang, Oct 20, 2015 2:26 PM

Intercepting result set before binding to JavaScript interface

Is there an event I can hook into after the results of a query is returned and before the results are bound to the JavaScript components?

1 Reply
Gravatar for lbergeron@coveo.com

Answer by Luc Bergeron, Oct 20, 2015 2:35 PM

Hi,

You should hook your code to the preprocessResults or the querySuccess events.

See this page for the whole list of events: https://developers.coveo.com/display/JsSearch/Events

Cheers

Gravatar for george.chang@perficient.com

Comment by georgechang, Oct 20, 2015 4:27 PM

I think this is what I'm looking for - is there any way to remove results from the result set using preprocessResults?

Gravatar for lbergeron@coveo.com

Comment by Luc Bergeron, Oct 20, 2015 4:53 PM

If you want to remove search results, I don't think using this event is the right solution.

The two preferred ways of controlling the results that are sent to the user are:

  • leverage user and group permissions to return only the results the user should see.

  • modify the search query to filter out the results you don't want to show.

Cheers

Gravatar for george.chang@perficient.com

Comment by georgechang, Oct 21, 2015 9:15 AM

I basically need to get the values out of an indexed Sitecore item and use those values to check a user's permission to the item - what would be the best approach to this? Originally I wanted to try to filter the results after they came back but checking each result but it sounds like that's not going to work. In essence, I'm looking for an outbound filter pipeline alternative.

Gravatar for lbergeron@coveo.com

Comment by Luc Bergeron, Oct 21, 2015 9:36 AM

Since you are talking about user permissions, I think you should leverage Sitecore roles to get the desired behavior. Coveo for Sitecore supports Sitecore's security model out-of-the-box. This way, when a Sitecore user performs a query, only the results that the user can see will be returned. The whole search page will stay coherent with that (search results, total number of results, facets, etc.). If you remove results manually, then many components may not behave as expected (facets, pagers, total results count, etc.).

Another alternative would be to fetch the Sitecore item that contains the permission information first, and then, in the buildingQuery event, you add an advanced expression to scope the results according to your own permission model.

But honestly, I would try to stick to Sitecore's security model if possible.

I hope this helps.

Gravatar for george.chang@perficient.com

Comment by georgechang, Oct 21, 2015 9:49 AM

That's part of the problem I'm trying to solve unfortunately - the permissions are not stored in Sitecore and I need to take an indexed field value that's on every item to a web service to get a yes/no for the current user's access to that particular item.

Gravatar for lbergeron@coveo.com

Comment by Luc Bergeron, Oct 21, 2015 9:57 AM

Would it be possible to use a custom membership provider to make these external securities available in Sitecore?

Gravatar for george.chang@perficient.com

Comment by georgechang, Oct 21, 2015 10:21 AM

Unfortunately no. The only integration point is to pass the value of a field in an indexed item with a user ID and to receive a yes/no for access.

Gravatar for jflheureux@coveo.com

Comment by Jean-François L'Heureux, Oct 21, 2015 12:13 PM

In that case, I would try to modify the Sitecore sources inside CES and change them to "Late Binding" security (see Modifying Source Security Permissions). This would be the better place to do that because the index will be able to return the correct count of results and exact values for facet values count.

You would have to create your own Coveo Security Provider module to do calls to your web service to get the yes/no answer.

Ask a question