Plugin Author
WPSOLR
(@wpsolr)
Hi,
I’d be happy to add this kind of role-based security, if it can benefit to other “groups” users.
Can you tell me more about your usage of “groups”, and how it would be related to the search:
1) How do you manage search with “groups” today ?
2) What part of “groups” do you use: groups, activities ?
My first idea is to index documents with some additional information from “groups”, and to filter results with a query field injected from current user’s “groups” profile at query time.
This is a new mid-size intranet for 500 employees. End users have access to some sections of the site depending on their fields of work (inspector, management…).
Employees who don’t have these privileges must not see this content.
While we use the WP roles for managing the edition of content, we use the plugin “Groups” to grant access to sections.
So if the page/post/document Z is tagged with the group “Management”, only users with the group “management can view it. This work great for pages, posts and documents. I want the search to reflect the same pattern. I don’t want the result to show contents that the user don’t have access to.
Right now, we are strugling with some wordpress search plugins to deal with various needs, including this one. The other plugins are working with “Groups” but have serious other limitations (search in documents, relevancy ordering, etc.)
I think your idea could respond to our needs.
To add to that, we are adding a message “This content is private to group XYZ” when an user with the group XYZ see a post/page/document. The user is happy to know that this content is private and the others cannot see it. If the search result could do this, it would be great too.
Plugin Author
WPSOLR
(@wpsolr)
I understand that your content is tagged with groups.
You also prefer not filtering unauthorized content, by hiding them from search result lines, but rather show unauthorized warning messages.
1) How do you propose to display the unauthorized result lines: the title, the content, and the thumbnail image ?
2) As we would not filter content, the user could be proposed a lot of “unauthorized” lines. It could therefore be quite impossible, or at least uncomfortable, to navigate to authorized lines. Furthermore, the total number of results would include unauthorized content.
I may not have properly explained.
1) I want the unauthorized content to be filtered.
2) But for those who are authorized, it would be great to have a message that tell them that they can see this result but others don’t.
So it could show :
The title, the content, the thumbnail, a message like “Private content : [Name of the group] ”
Plugin Author
WPSOLR
(@wpsolr)
My fault. It’s clear now.
I’ve installed the “groups” plugin. It looks like it uses a custom field “groups-groups_read_post”, which, if selected in WPSOLR options, is already indexed. I’ve added capabilities to some posts, and they are indexed in this custom field.
Can you check on your own WPSOLR install, in tab “Solr option-> Indexing Options”, if you can see this custom field, and eventually others from “groups” plugin ?
Would you agree to beta-test the new WPSOLR version also ?
Of course we could beta-test this version. But since we were investigating all the options for our search needs, SOLR is not yet installed, nor WPSOLR. But as I can see, if this need can be solved, we are definitely going with this solution.
We’ll start by installing WPSOLR and confirm that we can select these custom fields.
Plugin Author
WPSOLR
(@wpsolr)
Do you know a way to get capabilities for a user ?
I created a group ‘sol_group1’, to which I added a capability ‘solr_capability1’
I added ‘sol_group1’ to my WP user profile.
But when I execute:
$groups_user = new Groups_User( get_current_user_id() );
$user_capabilities = $groups_user->__get( 'capabilities' );
I get nothing.
The table wp_groups_user_capability is empty also.
Plugin Author
WPSOLR
(@wpsolr)
I found a workaround.
Can you tell me, for all the following use cases, if the results are correct.
1) Posts with capability matching user group(s) capability
group1: capability1
group2: capability1
post: capability1
user: group1, group2
=> post authorized in results for this user, with text “Private content : group1, group2”
2) Posts without capabilities are never displayed (security by default)
post: no capability
=> post not authorized in results for all users
3) Users without groups see no content (security by default)
user: no group
=> no posts are authorized in results for this user
1) correct
2) Post with no capabilities should be public because it has no restrictions. It should be displayed to all user without the “private content” text. Does it make sense? That’s the way I see Groups working.
3) Correct.
Plugin Author
WPSOLR
(@wpsolr)
You’ll have the choice for 2) and 3), with custom messages also.
It’s almost done.
Plugin Author
WPSOLR
(@wpsolr)
WPSOLR 2.0 is now integrated with Groups plugin.
Our SOLR server is now running (at last) and we will be able to use your plugin.
Sorry for the long response. and many, many thanks for your time.
