Details
-
New Feature
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
1.3.0
-
None
-
None
Description
This is a use case for document-level security with solr.
In this setup, the solr document itself would store the authorization tokens, rather than having them stored directly in sentry. It wouldn't be feasible to store them directly in sentry, as there could be million of documents, and storing them in say, an .ini file would be expensive and slow.
Instead, the sentry binding would grab the groups associated with the user, and modify the user's query in order to only return documents that contain (at least one) of the user's groups in the auth tokens.
Today, there is no way for the binding layer to access the mapping service; the group mapping happens "behind the scenes" when hasAccess is called. The simplest way of providing this functionality is probably to add a function to get the GroupMappingService from the AuthorizationProvider.