This is the best way to do it in my mind, and we do pretty much exactly
this for our Hydra project. +1
Trey Terrell
Analyst Programmer
[log in to unmask]
Oregon State University Libraries
Corvallis, OR 97331
On 1/7/15, 8:55 AM, "Ethan Gruber" <[log in to unmask]> wrote:
>There are a few ways to do this, and yes, some version of #2 is desirable.
>I think it may depend on how specific these IP addresses are. Do you
>anticipate that one IP range may have access to X documents and a
>different
>IP range may have access to Y documents, or will all IP ranges have access
>to the same restricted documents (i.e., anyone on campus can access
>everything). The former scenario requires IPs to stored in the Solr docs
>and the second only requires a boolean field type, e.g. restricted =
>yes/no. In fact, in the former scenario, you'd probably want to associate
>the IP range with of key of some sort, e.g.
>
>In the schema, have field name="group"
>
>In your doc have the group field contain the value "medical_school". Then
>somewhere in your application (not stored and indexed in Solr), you can
>say
>that "medical_school" carries the ranges 192.168,1.*, 192.168.2.*, etc.
>That way, if the medical school picks up a new IP range or the range
>changes, you can make a minor update to your application without having to
>reindex content in Solr.
>
>Ethan
>
>On Wed, Jan 7, 2015 at 11:41 AM, Chad Mills <[log in to unmask]>
>wrote:
>
>> Hello,
>>
>> Basically I have a solr index where, at times, some of the results from
>>a
>> query will only be limited to a set of users based on their clients IP
>> address. I have been thinking about accomplishing this in either two
>>ways.
>>
>> 1) Post-processing the results for IP validity against an external data
>> source and dropping out those results which are not valid. That could
>> leave me with a portioned result list that would need another query to
>>fill
>> back in. Say I want 10 results, I end up dropping 2 of them, I need to
>> fill back in those 2 by performing another query.
>>
>> 2) Making the IP permission check part of the query. Basically
>>appending
>> an AND in the query on a field that stores the permissible IP addresses.
>> The index field would be set to allow all IPs to access the result by
>> default, but at times can contain the allowable IP addresses or maybe
>>even
>> ranges somehow.
>>
>> Are there some other ways to accomplish this I haven't considered?
>>Right
>> now #2 sounds seems more desirable to me.
>>
>> Thanks in advance for your thoughts!
>>
>> --
>> Chad Mills
>> Digital Library Architect
>> Ph: 848.932.5924
>> Fax: 848.932.1386
>> Cell: 732.309.8538
>>
>> Rutgers University Libraries
>> Scholarly Communication Center
>> Room 409D, Alexander Library
>> 169 College Avenue, New Brunswick, NJ 08901
>>
>> https://rucore.libraries.rutgers.edu/
>>
|