Abstract
This document explains how to set up authorization on the contents of one collection based on the content of another collection, so that a logged-in user sees only the results from that collection they are authorized to view.
Content
Use case: Users whose rights contain an author's login or an author's name should be able to see the records for that specific author in example-metadata.
Requirements:
Inject ACLs into the example-metadata collection.
Identified ACL values: the author's name and login.
The author's name is retrieved from the content of example-metadata; the login is retrieved from another collection, example-appbuilder, by matching on the author. Both are injected as the ACL.
user.security-groups is passed in as the rights available to the logged-in user.
Users whose security-group value matches the author's name or login in the ACL should be able to see the specific content.
I ACL injection with Example-Metadata collection
Step 1: Create a new source for example-appbuilder; this source has only login as its output content.
<source name="test-appbuilder" maintainers="data-explorer-admin" test-strictly="test-strictly" modified-by="data-explorer-admin" max-elt-id="37" modified="1392698888">
  <submit>
    <form>
      <call-function name="vse_form">
        <with name="output-contents">login</with>
        <with name="collection">example-appbuilder</with>
      </call-function>
    </form>
  </submit>
  <tests />
  <help />
  <description />
</source>
Step 2: Add the custom converter below to the example-metadata collection, after the converter that retrieves the metadata (Create Metadata from Content).
=====================================================================
Custom converter
=====================================================================
<xsl:template match="/">
  <xsl:apply-templates select="." mode="copy" />
</xsl:template>
<!-- Specialty nodes go here -->
<xsl:template match="document" mode="copy">
  <xsl:copy>
    <xsl:apply-templates select="@*" mode="copy" />
    <!-- retrieve the author value from within this collection -->
    <xsl:variable name="acl2">
      <xsl:value-of select="normalize-space(content[@name='author'])" />
    </xsl:variable>
    <xsl:value-of select="viv:set('aclval2', $acl2)" />
    <!-- retrieve the login value from another collection by querying on the author -->
    <xsl:variable name="ixml">
      <load-options name="query-meta" />
      <query>
        <operator logic="and">
          <term field="query" str="{content[@name='author']}" position="0"
                processing="strict" input-type="user" />
        </operator>
      </query>
      <add-source name="test-appbuilder" num-per-source="100000" />
      <!-- num-per-source defaults to 50; increase it if more values need to be retrieved -->
      <fetch timeout="100000" finish="finish" />
    </xsl:variable>
    <xsl:variable name="oxml" select="viv:process-xml($ixml)" />
    <!-- the text that precedes 'arabic' in the query result is used as the login value -->
    <xsl:variable name="acl1">
      <xsl:value-of select="substring-before($oxml,'arabic')" />
    </xsl:variable>
    <xsl:value-of select="viv:set('aclval1', $acl1)" />
    <!-- inject the acl at document level -->
    <!-- the separator must be a real newline; written as a character reference so that
         attribute-value normalization does not turn it into a space -->
    <xsl:variable name="nl" select="'&#10;'" />
    <xsl:attribute name="acl">
      <!-- a newline separates the acl entries -->
      <xsl:value-of select="concat(viv:get('aclval1'),$nl,'+',viv:get('aclval2'))" />
    </xsl:attribute>
    <xsl:apply-templates select="* | text() | comment()" mode="copy" />
  </xsl:copy>
</xsl:template>
<!-- inject the acl at content level -->
<xsl:template match="content" mode="copy">
  <xsl:copy>
    <xsl:apply-templates select="@*" mode="copy" />
    <xsl:variable name="nl" select="'&#10;'" />
    <xsl:attribute name="acl">
      <!-- a newline separates the acl entries -->
      <xsl:value-of select="concat(viv:get('aclval1'),$nl,'+',viv:get('aclval2'))" />
    </xsl:attribute>
    <xsl:apply-templates select="* | text() | comment()" mode="copy" />
  </xsl:copy>
</xsl:template>
<!-- End specialty nodes -->
<xsl:template match="@* | text() | comment()" mode="copy">
  <xsl:copy />
</xsl:template>
=====================================================================
Output: All document records whose ACL matches the value of user.security-groups will be retrieved.
=====================================================================
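A check on what the converter above produces, as an added example that is not part of the original technote: it audits converted documents for ACLs that were injected incompletely, for instance when the lookup against test-appbuilder returns nothing or the newline separator is lost. The `<docs>` wrapper, the `url` attribute, and the sample logins and names are constructed for illustration; the `acl` attribute layout (login, newline, `+` author) follows the converter's `concat`.

```python
import xml.etree.ElementTree as ET

# Constructed sample of converter output; <docs> is a stand-in wrapper and the
# logins/names are made up. &#10; is the newline the converter puts between entries.
SAMPLE = """<docs>
  <document url="doc1" acl="frichards&#10;+Fran Richards">
    <content name="author" acl="frichards&#10;+Fran Richards">Fran Richards</content>
  </document>
  <document url="doc2" acl="&#10;+Sam Poe">
    <content name="author" acl="&#10;+Sam Poe">Sam Poe</content>
  </document>
  <document url="doc3" acl="jdoe &#10;+Jane Doe">
    <content name="author" acl="jdoe&#10;+Jane Doe">Jane Doe</content>
  </document>
  <document url="doc4"><content name="author">No Acl</content></document>
</docs>"""


def acl_entries(acl):
    """Split an injected ACL on newlines and drop the '+' prefix the converter adds."""
    return [line[1:] if line.startswith("+") else line for line in acl.split("\n")]


def audit(xml_text):
    """Return {document url: [problems]} for documents whose injected ACL looks wrong."""
    findings = {}
    for doc in ET.fromstring(xml_text).iter("document"):
        problems = []
        acl = doc.get("acl")
        if acl is None:
            problems.append("document has no acl attribute")
        else:
            entries = acl_entries(acl)
            if len(entries) != 2:  # e.g. separator became a space instead of a newline
                problems.append("expected login and author entries")
            if any(e == "" for e in entries):  # cross-collection lookup found nothing
                problems.append("empty acl entry")
            if any(e != e.strip() for e in entries):  # login is not normalize-space()d
                problems.append("acl entry has stray whitespace")
            for content in doc.iter("content"):
                if content.get("acl") != acl:
                    problems.append("content '%s' acl differs from document" % content.get("name"))
        if problems:
            findings[doc.get("url")] = problems
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE))
```

With Keep ACLs and Output ACLs enabled as described in the test steps, the same checks can be applied to real converter output before rights enforcement is relied on.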
II Test ACL through Example-Metadata sample
Step 1: Enable rights. Go to the Searching tab of the collection; under General set Require rights to true, and under Debugging set Output ACLs to true.
Step 2: Go to the Indexing tab of the collection; under Debugging set Keep ACLs to true.
Step 3: Go to the source of the search collection, in our case the source example-metadata.
Step 4: Add a form component in the Form tab (select Free xml).
Step 5: Add the code below; it passes the logged-in user's security groups as rights to the search query.
<input name="rights">
  <attribute name="value">
    <value-of-var name="user.security-groups" />
  </attribute>
</input>
Note: The security group is passed in as the rights available to the logged-in user; if the value assigned to user.security-groups matches the ACL injected on a document, that document will be visible in the engine search.
Step 6: Go to the Management tab, click on Users, and select data-explorer-admin.
Step 7: Add to Security groups a value that is an ACL for your collection records. In our example test we add Fran Richards, so that all documents with the ACL Fran Richards can be searched by this user.
Step 8: Search the collection from the engine.
III To follow this for your requirement
Step 1: Identify the search collection from which you need to retrieve the data for the ACL.
Step 2: Create a source for it whose only output field is the field you want to use as the ACL.
Step 3: Create a custom converter based on the custom converter sample above.
Step 4: Retrieve data from the other sources, using the common content as the str value in the term query.
Step 5: Add it after the converter that retrieves and parses data for your collection.
Step 6: Test it as suggested above.
Document Information
Modified date:
17 June 2018
UID
swg21665229