PreQueryPlugin to enforce access control across all query endpoints

Description

PreQueryPlugin to enforce access control across all query endpoints.

In a production environment with thousands of workspaces, search forms, or otherwise any metacard that is covered by the access control policy, the PDP has to go through all of them, page by page, in linear time, to execute the policy and determine which of those the user is allowed to see. The network will actually timeout waiting for this process to complete.

Adding a pre-query plugin as part of the policy to modify the filter on-the-fly and defer a large portion of the processing to Solr is a big improvement.

Privilege user (role) should have access to all metacard.
Users should have access to all metacard that

they own "metacard.owner_txt":["admin@localhost.local"]
they have been given access "security.access-individuals_txt":["jason.lam@connexta.com"],
they have been given administrator right (this could be deprecated) "security.access-administrators_txt":["admin@localhost.local"],
they belong to the group with access "security.access-groups_txt":["guest"],

Environment

None

Status

Assignee

Steven Lombardi

Reporter

Jason Lam

Labels

None

Fix versions

Affects versions

2.13.2

Priority

Major
Configure