Structuring Indices for Secure Groups and Posts

Hello Algolia Team and Community!

I am new to Algolia and have been reading through the documentation but am still unsure the best way to structure my data. The data I would like to index is structured as follows:

(- denotes sub-document and document attributes are listed after the : )

Group 1: group_id, members (array of uids), private (true or false)
-Post 1: group_id
-Post 2: group_id

Group 2: group_id, members (array of uids), private (true or false)
-Post 3: group_id
-Post 4: group_id

User 1: uid
User 2: uid

I would like to be able to use a single search form to search for groups, users, and posts if at all possible. However, I am able to separate it out if necessary.

I want the behavior to work as follows: If a user is a member of a group that is private, the group and posts will show up in a search. If a group is public, the group and its posts will show up in a search.

*Note: It is not possible to copy the members of a group to each post. The members array will be updated dynamically and new posts will also be added to each group.

My data is currently stored in Firebase’s Cloud Firestore and I’m using a combination of security rules on sub collections and documents to allow reads and writes as well as cloud functions to check group membership. The only solution I’ve come up with so far is to separate the searching of posts and groups. I can search for groups using filters and a secured API key, but then would have to do a search for posts on the backend and manually filter out the ones a user does not have access to.

Any suggestions and recommendations would be extremely helpful! I understand that this is a bit of an atypical use case, but I appreciate any insight. Thanks!

Hi @peyton,

Thanks for the question — generally when trying to find the best data structure with Algolia, we use the “opposition direction”, meaning, what and how will you want your users to search for.

In order to better help us, to you have any UI/UX designs or even wireframes, search scenarii that would help us guiding through that?

Keep us posted!

Best,

Hi @valentindotxyz,

Apologies for the delay in response! I’ve described a few different use cases below and will edit this post later with some of the UI mockups.

The search page will have a text input box at the top and three different categories to search through. The user will manually click which category to search. (Ie there’s a text box at the top and the user can click “search for posts matching this query”, “search for users matching this query”, or “search for groups matching this query”.

Case 1:

User 1 is a member of group 1. Group 1 is private while group 2 is public. User 1 wishes to search for all group names matching an input. When User 1 clicks the button labeled “search for groups matching this query”, groups 1 and 2 should both be displayed. Group 1 is displayed because it is private and the user is a member of group 1 and group 2 is displayed because it is public.

Case 2:

User 1 is a member of group 1. Group 1 is private while group 2 is public. User 1 wishes to search for all posts matching an input within any group they are a member of or that is public. When User 1 clicks the button matching “search for posts matching this query”, posts from group 1 and group 2 should be displayed. Posts from group 1 are displayed because the user is a member of group 1 and posts from group 2 are displayed because it is public.

Case 3:

User 1 is a member of group 1. Group 1 is private. User 1 wishes to search for other users by name in any group they are a member of. When user 1 clicks the button matching “search for users matching this query”, other users in group 1 are displayed.

Apologies for the wall of text. The solution I have come up with so far is to handle searching through our backend rather than distributing search keys to each user. I want to create a separate index for posts, users, and groups. When a user wants to perform a search, they make a call to our backend who then specifies what data to retrieve from the Algolia indices based on their group membership. This is the only way I can think of to securely handle the group permissions; if you have any other suggestions or ideas I would gladly appreciate your feedback. Thanks!

Hi @peyton, If I understand your requirements correctly, I believe you may benefit from this documentation on user restricted access to data.