Boolean expression Lock Strings (secBoolExpr DLS plugin)
A DLS plugin which resolves a boolean expression (lock string) on a document against user's keys where those values define what is true.
For example the lock string on a document could be
And so the user would need to have either
EDITOR as values within their user keys. For example if the user had user keys:
Then that user would have access to the above document.
When evaluating an expression all values the user has are set to
true while all missing values are set to false, for the above example it would become:
Which evaluates to true.
Enabling the Plugin
To enable the plugin set in collection.cfg
on the indexer.
For example in collection.cfg:
This plugin supports the following logical operators ordered in lowest to highest precedence:
- or: can be represented as 'OR', '|' and ','.
- and: can be represented as 'AND', '.' and '&'.
- not: can be represented as 'NOT', '!', '-'
- (): can be represented as '(' and ')'.
Operator types can be mixed in a single lock string, the follow are a valid Lock Strings for this plugin:
a OR b | c , d
a AND b . c & d
Word operators are case sensitive and are currently are only understood in their upper case form.
Values are case sensitive non-zero ASCII strings consisting of the following characters:
and must not be any operator including
AND. Additionally values must not be the lowercase or any case form any operator. For example, values should not be
or, etc. Values may contain operators within them e.g. NOT_A, that will be processed like any other value.
Missing Lock Strings
Documents with missing, empty or zero length boolean expression will be treated as a lock string that does not permit access by any user.
Multiple Lock Strings Per Document
You should ensure that each document has exactly one lock string. Documents which have multiple lock strings will cause undefined behavior.