Closed EMjetrot closed 2 weeks ago
This sounds like a good use case for category, given that you're not authenticating the users. I would suggest adding unit tests or smoke tests to ensure that you're always correctly filtering, given that you're dealing with cross-company information. cc @mattgotteiner if he has other suggestions.
I agree that category-based filtering would work. However, without some kind of authentication it's possible that someone will see content they aren't supposed to. So it's up to you to determine if this risk is acceptable for your use case.
Thank you for your answers. I'll go for the category-based filtering then ;)
And yes, in this use case, it doesn't matter if an employee accidentally gets access to a chatbot belonging to another subcompany (i.e. by figuring out the URL routing), because the material is not confidential between subcompanies. It's just outsiders that should not see it.
Have a nice day and thanks again :)
This issue is for a: (mark with an
x
)Minimal steps to reproduce
Any log messages given by the failure
Expected/desired behavior
I've changed the routing in the app (see below), so that I can give a abbreviation for the organization (sub-company) and use that as parameter in my query to the search index, but I'm hoping someone could tell me which of the two strategies would be the best and fastest to go for?
I'm unsure, whether option 1 will be a strong/reliant enough filter and whether option 2 will be impossible without authentication.
If this use case seems reasonably, i.e. not authenticating users but differentiating the content based on a URL parameter or drop-down in the front end, then I would be thankful for it to be considered as a future feature in this repo.
Here is the rewrite of the routing:
OS and Version?
azd version?
Versions
Mention any other details that might be useful