For our main product index, we have an attribute that lists User Group IDs which have access to a specific result. We do this to restrict some products to only users of specific groups. The attribute is in the form of a comma separated list of Group IDs. “101,104,110” as an example. If the attribute is blank, that product is accessible to all users.
For each user searching on our site, we know the list of groups that user is in. It takes the same format as the attribute above. “101,102,110,116”. That means that they have access to products which are in groups 101, 102, 110, or 116.
Is there a way to pass the users security groups as part of a filter to ensure that if a result contains a access list, we only display to users who have at least one of the elements of the access list in their groups? If the user does not have access to a specific result due to the security groups that product belongs to, we don’t want to display it in the results. But if the result does not contain an access list at all, it is displayed since it is accessible to any user searching.
- If a specific results security list is empty, display it.
- If a specific result’s security list contains at least one element that is in the user’s security list, display it.
- If a specific result’s security list contains zero elements which are in the user’s security list, don’t display it.
- As a generalized rule, if the user’s security group list is empty, don’t display any results that have a security attribute (same as #3, but simplified for the empty user security group edge case)
I hope this makes sense and there is an easy to way do this!