GitHub - constanine/elasticsearch-authorization-query: Based on the map data, the index data of matching is filtered./基于map型数据,过滤了其是否匹配的索引数据

#elasticsearch-authorization-query/elasticsearch权限检查过滤插件

原理

在索引文档中,使用固定字段[authorization] type=keyword/不分词,其内容为 [${authorizationUnit}=[${roleID}...];...],存储其权限值如:CURRENCY=33504;DEPARTMENT=33107,33101;EXCHANGERATE=-1,223;
分析${authorizationUnit}=[${roleID}...];...,转化成Map<${authorizationUnit},Set[${roleID}...]>,文档中限定了可以访问的roleid,如果条件中设计了其${authorizationUnit},其对应${roleID}集合中不匹配,则为false,被过滤掉
例子: 索引文档中的数据为 CURRENCY=33504;DEPARTMENT=33107,1;MATERIAL=32311,32312; 查询是条件 CURRENCY=33504;为true; 查询是条件 CURRENCY=33503;为false; 查询是条件 CURRENCY=33503;MATERIAL=32311为false; 查询是条件 CURRENCY=33503;MATERIAL=32311,32312,32313为true; 查询是条件 CURRENCY=33503;MATERIAL=32311,32312,32313;DEPARTMENT=33107,1为true;

  {
     "query":{
        "authorization" : {
            "authorization" : "${authorizationUnit}=[${roleID}...];..."
        }
     }
  }

例如

  {
     "query":{
        "authorization" : {
            "authorization" : "CURRENCY=33504;DEPARTMENT=33107;"
        }
     }
  }

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
src		src
.gitignore		.gitignore
README.md		README.md
build.gradle		build.gradle
deps.gradle		deps.gradle
devops.gradle		devops.gradle