• Resolved ralnic

    (@ralnic)


    I have an intranet site that we use to give users access to various documents and sales reports. There are literally hundreds of them. We use the Content Control plugin to restrict access to documents mainly by departments. You don’t want sales people seeing commission reports. And we use Memphis Document Library to upload and store the files.

    Content Control works great restricting access to contents on a page, including links and libraries. The problem is if someone uses search to hunt for a document, the search results are not secure. The search will find matches across the entire site, and the user can access any of them.

    Are there other search options (plugins?) that will leave the search results restricted by the security that we have set up? Or any other options I can try?

    Thanks.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter ralnic

    (@ralnic)

    Maybe some good instructions on how to use this plugin will help me. I see I can restrict by tag or category. The screenshots you have don’t really help much for beginners.

    @ralnic – Sorry for the delay. I think you’re right. We are gonna start doing a lot more with this plugin as it got left behind as others grew. Look for some updates soon.

    In this case the search is not something we are set up for currently. It would likely require you filtering the results somehow, but I’m not sure how that could be done now.

    Checking if they have permission to view each result may be simple enough, but I’ve never filtered the search results before so not sure how to best apply that or if there is a best way. For example if we filter them after the query, it could mean page one shows only 3 items, even though the query returned 10 if we hide 7. The next page might have all 10. That wouldn’t be ideal so the query itself would need to be modified to search for only results the user had access to. That I’m not sure can be done in any reliable way as it would require conditions meant to be processed within a WordPress loop (accessing $post variables for example), and making it a query that returns limited results.

    Worth a look, but off the top I can’t see a simple way to do it without adding a ton of info to your database for each post/item so that we can query against that data for each rule you apply.

    You might find another plugin though that offers results filtering by user role. If you tagged all items based on the required role, then I could easily see you using that tag to show/hide content with our plugin, and filter results with another.

    Hope that helps.
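
The reply above suggests tagging items by required role and changing the query itself so pagination stays intact. One way to do that with WordPress's `pre_get_posts` hook, as an added example that is not from the thread or from either plugin. It assumes searchable items use the built-in `post_tag` taxonomy and a hypothetical tag scheme `role-<role slug>` (e.g. `role-sales`); an item carrying several role tags is hidden unless the user holds all of those roles.

```php
<?php
// Added example. Assumption: restricted posts carry a tag "role-<role slug>"
// (hypothetical scheme, e.g. "role-sales"); posts without such a tag are public.
const ROLE_TAG_PREFIX = 'role-';

// Term IDs of role tags the user does NOT hold, or null if the lookup failed.
function blocked_role_tag_ids( WP_User $user ) {
    $tags = get_terms( array(
        'taxonomy'   => 'post_tag',
        'hide_empty' => false,
        'fields'     => 'id=>slug',
    ) );
    if ( is_wp_error( $tags ) ) {
        return null;
    }
    $allowed = array();
    foreach ( (array) $user->roles as $role ) {
        $allowed[] = ROLE_TAG_PREFIX . $role;
    }
    $blocked = array();
    foreach ( $tags as $id => $slug ) {
        if ( 0 === strpos( $slug, ROLE_TAG_PREFIX ) && ! in_array( $slug, $allowed, true ) ) {
            $blocked[] = (int) $id;
        }
    }
    return $blocked;
}

add_action( 'pre_get_posts', function ( $query ) {
    // Only touch the front-end main search query.
    if ( is_admin() || ! $query->is_main_query() || ! $query->is_search() ) {
        return;
    }
    $blocked = blocked_role_tag_ids( wp_get_current_user() );
    if ( null === $blocked ) {
        $query->set( 'post__in', array( 0 ) ); // fail closed: return no results
        return;
    }
    if ( ! $blocked ) { return; }
    $tax_query = $query->get( 'tax_query' );
    if ( ! is_array( $tax_query ) ) { $tax_query = array(); }
    // Excluding in SQL (not after the query) keeps every results page full.
    $tax_query[] = array(
        'taxonomy' => 'post_tag', 'field' => 'term_id',
        'terms' => $blocked, 'operator' => 'NOT IN',
    );
    $query->set( 'tax_query', $tax_query );
} );
```

This only removes items from search listings; access to the page or file itself still has to be enforced by the restriction plugin, since a user can reach a URL without searching for it.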

  • The topic ‘security and search results’ is closed to new replies.