We need to allow that each object in search results be validate against permissions, mostly user permissions. This need to be done when searching and creating the "queryset", or when iterating over SearchQuerySet (since we make count and slice work well because consistency and pagination).
It can't be done when indexing because permissions can change between time it was indexed and searched.
The SearchResult instance has the searchindex attribute, that is the SearchIndex class used to index the object, so in last case we can add some 'check_permission' method in it.
In my opinion a better idea is to customize SearchBackend.search to check permissions for each result before return it. This method as haystack documentation explains returns one "dictionary that should contain the keys ‘results’ and ‘hits’. The ‘results’ value should be an iterable of populated SearchResult objects." and this looks a nice place to apply permission checking and ignore some result objects.
However we must discuss how apply that improvement on haystack in aldryn-search.
We need to allow that each object in search results be validate against permissions, mostly user permissions. This need to be done when searching and creating the "queryset", or when iterating over
SearchQuerySet
(since we make count and slice work well because consistency and pagination).It can't be done when indexing because permissions can change between time it was indexed and searched.
The
SearchResult
instance has thesearchindex
attribute, that is theSearchIndex
class used to index the object, so in last case we can add some 'check_permission' method in it.In my opinion a better idea is to customize
SearchBackend.search
to check permissions for each result before return it. This method as haystack documentation explains returns one "dictionary that should contain the keys ‘results’ and ‘hits’. The ‘results’ value should be an iterable of populated SearchResult objects." and this looks a nice place to apply permission checking and ignore some result objects.However we must discuss how apply that improvement on haystack in aldryn-search.