[Zope3-dev] Sprintathon: searching?

[Guido van Rossum]

[kapil]
> i've had deal to with with the issues janko's raised as relates to
> the cmf and compound documents and content versioning, though i
> admit i didn't attempt to use separate indexes for a solution, still
> its probably good material for the use cases.  ie a composite
> document composed of individually managed pieces with separate
> workflow which are only visible within the container document
> (including non-visibility in catalog searches), so the search
> results for the same document vary according to user roles. with
> content versioning (using zope version control), a document would go
> from a published state to an editable state (taking a snapshot of
> the content before it leaves the published state), while still
> leaving only the published version searchable and viewable to non
> authorized users.
> 
> on a general level its fairly common in the cmf, ie varying search
> results by user based on roles as content often changes visibility
> via security manipulation. the cmf does it via constructing an
> object wrapper that indexes security info as well, and doing an
> implicit addition of the query terms for the current user's
> security, which works well when you look at a content object as a
> discrete entity.

Is it really necessary to vary the search results by role and by ZODB
version?  For varying by role, perhaps separate indexes should be
used; but I'm not sure I understand the use case: I'd expect if there
are non-public documents, there'd be a small enough number of them
that you don't really need a full-text search to find them.  But maybe
I don't understand the use case well enough.  ZODB versions are
generally not recommended (in fact I'd recommend to take them out of
ZODB4; this would make for a significant reduction in instability and
code size I expect).

--Guido van Rossum (home page: http://www.python.org/~guido/)