Algolia backend search or frontend search when an user ID is involved

security full-text-search algolia instantsearch.js instantsearch

There is a baked-in way to add user-based security for record access control.

You need to generate ephemeral API keys with filters hard coded. The end user cannot alter those filters to get around the security. When a user comes through your login flow, the backend generates this key with the appropriate filters (e.g. 'filters' => visible_by:group/'.$currentGroupId.' OR visible_by:group/Everybody' and passes it to the front end in places of the search-only API key.

Your records will need to include a matching attribute for the filter (visible_by in this case) with the appropriate values.

You can read more about it here:https://www.algolia.com/doc/guides/security/api-keys/how-to/user-restricted-access-to-data/#generating-a-secured-api-key

Related

'DataFrame' object has no attribute 'value_counts' in pandas 0.25
VSCode icon is missing in app switcher on Ubuntu
ADF - trigger pipe 2 on pipe 1 successful completion
ExePackage RemotePayload hash value issue
Kafka Connect - Failed to flush, timed out while waiting for producer to flush outstanding messages
"You must add a reference to assembly PresentationFramework" -- but why?
XXX is not a valid entity or mapped super class // and config options
Test a rejection with Chai as promised
Visual Studio 2022, C# formating question?
Why does Rails fails to boot with "Expected to find a manifest file in `app/assets/config/manifest.js` (Sprockets::Railtie::ManifestNeededError)"?
Can I specify the default option for an "asp-items" list directly in the .cshtml?
MonoLogger 9 Levels deep aborting normalization