Search API filter by user permissions

Is there a way to restrict the content of the Telligent Search API to only what the requestor can access inside the Community portal?

From the documentation page, the search API for Telligent looks to be a thin shim for the Solr search backend. As a a result, all results are exposed for all users even if the user cannot access the provide link.

What I'm looking for example: EmployeeA is a manager and has access to the manageronly blog. If a server requested a search (using the Telligent search API) on his behalf, he could see results from manageronly.

However, EmployeeB is not a manager. If the server requested the same search on his behalf, he would be unable to see results from manageronly.

  

Parents Reply Children
  • Yes, this should be possible. The List Search Results REST endpoint, like other REST endpoints, respects the permissions of the authenticated user performing the request. Since you mention using API keys, are the searches being performed using the API key of a user who does have permission to view the posts, or through the accessing contributors who do not? If it's using a shared key of a user with elevated permissions, that would account for the behavior you're seeing.

    Are these REST requests being performed in the context of Community's own user interface? If so, you don't need to worry about authentication if you use the client-side REST API. It will automatically authenticate as the accessing user, so URLS of search results returned from REST would be navigable by the same user who performed the REST request.

     

    URLs POST api.ashx/v2/batch.xml (or .json) Will execute a series a rest requests in batch with a maximum of 100. Request Parameters Name Type Description Location Required Default Options _REQUEST_X_URL…
    Last edited in Verint Community 12.x > API Documentation
     

     

    jQuery.telligent.evolution REST helpers This module exposes helper methods to assist with performing ajax requests against the REST API. They are essentially thin wrappers over jQuery.ajax() , and all…
    Last edited in Verint Community 12.x > API Documentation