Algolia not handle ORs of ANDs filter condition

Am using Algolia for search engine and I would like to fetch result from algolia as follows

If visibility = everyone, then it will show to all users
If visibility = private, then it will only for logged in user

To achieve that, i tried

filter=“visibility:everyone” OR (“visibility:me” AND “user.username:testuser”)

But it return below error

{
“message”: “filters: filter (X AND Y) OR Z is not allowed, only (X OR Y) AND Z is allowed”,
“status”: 400
}

How can i alter the condition to achieve above scenario?

Any help will appreciate and thank in advance.

1 Like

Hi @pk.sureshsap,
The best way is to manage it with Secured API key. Have you already had a chance to look at this guide?

Thank you for the reply Alex.

BTW, how do I handle with Secured API key?

Since, i have many number of user and need to show feeds based logged in user. Based on the search word, i need to list related feed to user.

So i thought, the only change will be

filter=“visibility:everyone” OR (“visibility:me” AND “user.username:testuser”)

If it works then this will be best result for me.

How do i make it work or do i need any other method?

From what I understand of your use case, you should find an example here

Actually, we are using node JS with parse server for back end. Using the node JS API, mobile client and web user can login and see the feeds.

In this case, do i need to create separate key for all user (i.e., who are all installed my app) to achieve the result?

I think, it requires more code change to my app. Is there any other possibilities?

Thank you!!

Using Secured API keys is the only way to secure access to the data, and make sure that no-one who knows the Algolia API can change a few search parameters in the search request, and access to data he/she was not supposed to have access to.

I don’t think it requires you to change that many things in your code. You just need to add the following logic.

  1. When a user is created, generate a Secured API key from your firebase backend. Using the SEARCH_ONLY API key, and the filters related to that user (as described in the guide
  2. Save that generated key to the user model, and make it available in the user session
  3. When the user opens the search page, use the search key from its session.

Does that make sense?

1 Like