Christian sent me a question last week that I thought would be an excellent blog entry. How do you hide certain content from Verity searches? He has a set of content that he wants to hide from users who are not logged in. Or, put the other way around, anonymous (not logged in) users are limited to a portion of the total body of content. How can you handle this in Verity?
As I discussed in my presentation last week, Verity supports categories when indexing and searching content. Since we only allow a subset of content for anonymous users, you could simply use the category feature to mark content available for them. In other words, content that is not protected will have a category of "Public" (or whatever makes sense to you). When searching, your code can do something like so (and the following is code I'm typing from scratch, so please forgive any typos):
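<!--- session.loggedIn is an assumed flag; substitute however your app tracks authentication --->
<cfif not structKeyExists(session, "loggedIn") or not session.loggedIn>
<cfset category = "Public">
<cfelse>
<cfset category = "">
</cfif>
<!--- cfsearch requires a name attribute for the result query --->
<cfsearch name="results" collection="mystuff" criteria="#form.searchTerms#" category="#category#">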
Notice how we pass in a blank category if the user is authenticated. This basically means we have no filter for authenticated users.
So - this leads to an interesting side discussion. Imagine you display your Verity results in a simple list where each link looks like so:
So far so good, right? Now - can someone tell me what code should exist in articles.cfm - assuming the logic we discussed above?
Archived Comments
Wouldn't articles.cfm rely on the framework to secure the content in any event? The Verity solution is a nice one for restricting results. But what about if I want to show the search result with a lock icon or similar visual cue to indicate that only authorised users can proceed -- with maybe a link to register or login?
Finally, someone answered it. :) Yes and no, Geoff. My point, and the focus of my presentation in a few weeks, is that you can't trust URL variables. So if your list of articles is 'secure', don't forget to make your detail page also check security. I know it's obvious - but I'm sure you would agree that many people would forget this step. They would say, well, if URL.id is 10, I know 10 is ok for the current user. They wouldn't expect someone changing the ID.
As for your second thing - if you don't restrict your search, you can check the category field when you run over the results. Based on the category value you can show a lock icon if you want.
Ok so it was a leading question on the visual cue -- more people need to know about the extra detail in Verity result sets in CF7 :)
In fact the whole Verity caper in CF7 is marvellous, if only the options for exceeding the document count were more clearly outlined.
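One way articles.cfm could apply the check discussed in the comments above. This is an added example, not code from the original post or its commenters. It assumes session management is enabled, and the session.loggedIn flag, the "mysite" datasource, and the articles table with id, title, body and category columns are all hypothetical names.

```cfml
<!--- articles.cfm (added example). session.loggedIn, the "mysite" datasource and
      the articles table (id, title, body, category) are assumed names. --->

<!--- URL.id is user-controlled: require it to be present and a positive integer. --->
<cfif not structKeyExists(url, "id") or not isValid("integer", url.id) or url.id lte 0>
    <cfheader statuscode="404" statustext="Not Found">
    <cfabort>
</cfif>

<!--- Same rule the search page applied: anonymous users only get "Public" content. --->
<cfset isAuthenticated = structKeyExists(session, "loggedIn") and session.loggedIn>

<!--- cfqueryparam binds the id as an integer instead of concatenating it into the SQL. --->
<cfquery name="getArticle" datasource="mysite">
    SELECT id, title, body, category
    FROM articles
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- Re-check the category here, on the detail page. The search results only ever
      listed permitted ids, but nothing stops a user from editing the id in the URL.
      An unknown id and a protected id get the same response for anonymous users,
      so the page does not reveal which ids exist. --->
<cfif getArticle.recordCount eq 0
      or (not isAuthenticated and getArticle.category neq "Public")>
    <cfheader statuscode="404" statustext="Not Found">
    <cfoutput><p>Article not found.</p></cfoutput>
    <cfabort>
</cfif>

<cfoutput>
    <h1>#htmlEditFormat(getArticle.title)#</h1>
    <!--- body is assumed to be HTML written by the site's own authors --->
    <div>#getArticle.body#</div>
</cfoutput>
```

A site that prefers to send anonymous users to a login page can replace the second 404 branch with a redirect, at the cost of confirming that the protected id exists.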