Restricting Search Results to Tenant (Laravel app)

I am new to Laravel and found Algolia in the Laracast videos. I have multiple tenants in my Laravel application (Model: Company), and I am curious as to how I could create a separate index for each company. I am trying to allow companies to search their directory of employees, so I can’t show employees (search results) that don’t belong to that company.

Does anyone have a recommendation how I can best approach this?

Thanks in advance!

Hi,

I see 2 different ways to do that: using a company ID in each record and secured API keys, or using a different index and having a key limited to this index.

Different index

In your Employee model, you can override the searchableAs() method, which returns the index name. You can compute a name based on the company name for instance.

Then you will need to generate a key associated with the company and add a restriction on the index name: https://www.algolia.com/doc/guides/security/api-keys/ (use the indexes parameter).

Using a company ID

Algolia can filter results based on your access rights. You will need to make sure that the employee record has a company ID and generate a secured API key associated with the companies.
You can follow the tutorial here: https://www.algolia.com/doc/tutorials/security/api-keys/secured-api-keys/how-to-restrict-the-search-to-a-subset-of-records-belonging-to-a-specific-user/#before-starting

To choose between these 2 methods, it will depend on the size of your data, but unless you’re dealing with millions of employees/companies, I’d go with the first one.

Please let me know if that worked for you.

Hi Julien,

Thanks for the reply. Sorry for the delay in responding, I had to shift my focus to finish another bit. I “stopped” with having the viewable_by populated for each record, containing the company IDs to which the user belongs. Then I am getting results…

This works and returns me the API key:

$securedApiKey = \AlgoliaSearch\Client::generateSecuredApiKey(
        config('scout.algolia.key'),
        [
            'filters' => 'viewable_by:'.$this->currentUser->current_company_id
        ]
    );

Do you have any idea how I can get vue-instantsearch working with this now? Also, it looks like Laravel Scout is suggesting a different approach to tenant specific search results (See: https://laravel.com/docs/5.5/scout#searching Where Clauses).

The suggested way with the where clause is good if you have backend search, but I highly recommend you do search in the frontend with Vue and InstantSearch.

The only thing you need to know is to pass the generated key to your frontend, so maybe in a JavaScript variable or maybe directly in a blade file with <ais-index api-key="{{ $securedApiKey }}" ..... ></ais-index>.
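
Added example, not part of the original posts and not Algolia's client code: a PHP sketch of why the secured key can be handed to the browser, using the documented layout of a secured key (base64 of the hex HMAC-SHA256 of the restriction string, followed by that string). `makeSecuredKey()` and `readSecuredKey()` are hypothetical helpers, the parent key is a constructed value assumed to be a search-only key, and real keys should still be generated with the client call shown in the post above.

```php
<?php
// Added illustration, not the Algolia client: re-implements the documented
// secured-key layout base64( hex(HMAC-SHA256(parentKey, params)) . params ).
function makeSecuredKey(string $parentSearchKey, array $restrictions): string
{
    $params = http_build_query($restrictions);
    return base64_encode(hash_hmac('sha256', $params, $parentSearchKey) . $params);
}

// Hypothetical helper modelling the check done on the service side: returns the
// embedded restrictions, or null when the signature does not match them.
function readSecuredKey(string $securedKey, string $parentSearchKey): ?array
{
    $raw = base64_decode($securedKey, true);
    if ($raw === false || strlen($raw) <= 64) {
        return null;                          // not base64, or no room for a 64-char MAC
    }
    [$mac, $params] = [substr($raw, 0, 64), substr($raw, 64)];
    if (!hash_equals(hash_hmac('sha256', $params, $parentSearchKey), $mac)) {
        return null;                          // restrictions were changed after signing
    }
    parse_str($params, $restrictions);
    return $restrictions;
}

$parentKey = 'constructed-search-only-key';   // constructed value; never the admin key
$companyId = 7;                               // assumed to come from the server-side session

$key = makeSecuredKey($parentKey, [
    'filters'    => 'viewable_by:' . $companyId,
    'validUntil' => time() + 3600,            // key stops working after one hour
]);

// The restrictions travel inside the key, so the browser can read them...
var_dump(readSecuredKey($key, $parentKey)['filters']);

// ...but a copy whose tenant filter was edited no longer matches its signature.
$edited = base64_encode(
    str_replace('viewable_by%3A7', 'viewable_by%3A10', base64_decode($key))
);
var_dump(readSecuredKey($edited, $parentKey));
```

The tenant ID in the filter has to come from the authenticated session on the server, never from a request parameter, because whatever value is signed into the key is the tenant the browser will be allowed to search.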

Good day,

I’ve got the search working fine, but now I am keen to add tenant specific details to the index. For example, each user can belong to multiple companies (tenants) which are in the viewable_by array, and each user can belong to multiple teams in each company. I want each company admin to search for users that are in a team, so the data would look like this:

user

  • first_name
  • last_name
  • viewable_by
    – 7, 45, 192
  • teams
    – Company 7
    — Marketing
    — Design
    – Company 45
    — Technology
    – Company 192
    — Marketing
    — Creative

Thoughts on how I could best accomplish this?

I don’t really get it. Could you give me more details on this? Thanks!

Hi,

Sorry for not being clear.

Let’s say this is an entry in my index:

first_name:Sean
last_name:Stevens
email:racygo@example.com
viewable_by: [7,10,129]
teams:[
	[7] => ["marketing","design"],
	[10] => ["graphics","managers"],
	[129] => ["marketing"]
]
invite_status: [
	[7] => [1],
	[10] => [1],
	[129] => [0]
]
avatar:http://example.com/images/avatars/default.jpg
edit_url:http://example.com/admin/users/9/edit
notes_url:http://example.com/notes/users/9

Currently only company/tenant 7, 10, 129 can find the user (as per the viewable_by array). Now I want to add the invite status and the teams the user belongs to, to the index, so that we can search by users who belong to a team, but the teams are tenant specific.

Does that make more sense?

Any more thoughts on this? Just not possible?