Gravatar for george.chang@perficient.com

Question by georgechang, Oct 23, 2015 2:40 PM

Accessing an indexed item from a custom security provider

I'm in the middle of writing a custom security provider and am seeing if there was a way to retrieve the indexed item and its indexed fields from a string reference to it in the following format:

sitecore://database/web/itemid/{551bec4f-68c0-4354-afb3-b1ab71605486}/language/en/version/1

Gravatar for george.chang@perficient.com

Comment by georgechang, Oct 26, 2015 4:32 PM

I've started to use the Coveo SOAP API to retrieve the item but I've quickly come to realize that this may not be the best way to go. Thoughts?

Gravatar for george.chang@perficient.com

Comment by georgechang, Nov 12, 2015 2:03 PM

Alternative thought - would I be able to modify this string reference to add additional fields that I can parse?

1 Reply
Gravatar for ldblanchet@coveo.com

Answer by ldblanchet, Oct 27, 2015 11:44 AM

There is no clean way to retrieve an indexed item from a security provider. Depending on what exactly you want to achieve, there should be a way to get the information required on the entity you are expanding in the security provider without having to retrieve it from the index.

Gravatar for george.chang@perficient.com

Comment by georgechang, Oct 27, 2015 12:05 PM

I actually need to retrieve an indexed field on the entity to determine whether a user is able to access the item or not. Is there a way to access the entity fields from the security provider?

Gravatar for george.chang@perficient.com

Comment by georgechang, Nov 10, 2015 4:30 PM

Bumping this up - any help on getting information on the indexed entity?

Gravatar for clechasseur@coveo.com

Comment by clechasseur, Nov 10, 2015 7:51 PM

As Louis-Daniel mentioned, there is no official way to query the index from the security provider - in fact, it is possible for a security provider to be called for a document's permissions before that document is officially in the index (since the document is written in a transaction and unavailable until the transaction is actually applied to the index).

Perhaps sharing a bit more of your use case could help us determine the best way to go forward?

Gravatar for george.chang@perficient.com

Comment by georgechang, Nov 10, 2015 8:38 PM

I am trying to trim search results going to the Coveo for Sitecore Search View component. The authorization scheme is a RESTful web service that takes in some data that is a field on a Sitecore item and the current user's username and returns a true/false as the user's permission for the item.

Right now I've got a custom security provider with late binding and implemented the AuthorizeUser method intending for it to call the web service; however I'm not able to get the indexed content to pass into the web service. Is there a better way of approaching this than what I'm doing now?

Gravatar for george.chang@perficient.com

Comment by georgechang, Nov 10, 2015 8:40 PM

I've looked into trying to do it further down the chain by using a query pipeline on the Coveo REST API but it looks like I can't call a web service from main.js.

Gravatar for slangevin@coveo.com

Comment by Simon, Nov 11, 2015 10:16 AM

In the context of Coveo for Sitecore, I would use the Rest Endpoint Pipeline:

https://developers.coveo.com/display/public/SC201510/Understanding+the+REST+Endpoint+Pipelines

It would be on page load when the REST response comes back from the server. You can then loop through every results and map the permissions at that time.

Gravatar for george.chang@perficient.com

Comment by georgechang, Nov 11, 2015 7:30 PM

Progress! I think I'm 90% there. Is there a smart way to recalculate the groupByResults after adjusting the results?

Gravatar for george.chang@perficient.com

Comment by georgechang, Nov 12, 2015 12:05 PM

One big problem though - the JSON only returns a page at a time. If I remove a number of results, the page only has a handful of results instead of 10. Any ideas?

Gravatar for jflheureux@coveo.com

Comment by Jean-François L'Heureux, Nov 16, 2015 2:20 PM

That's why I told you to look at the security providers and late binding in the first place. Doing this filtering/security work anywhere after the index has processed the query and returned results will have this problem of having less results and wrong facet items count.

Ask a question