I have a web collection that is a mix of public results alongside private results. The private results should only be searchable / accessible to logged in users.
Currently I am loading in a .ftl template using AJAX to provide the display of search results.
Is it possible to use this method of searching and displaying results to control what the user is shown?
As far as I can see user verification would always be on the client side, so could then be easy to bypass and just get all the results. Ie. passing the user type as a parameter to the search.
A possible (flawed) solution could be.
- Splitting the collection into two (private and public) and passing that as a parameter. (easy to bypass)
Is there a way to lockdown funnelback search templates based on user credentials at a funnelback/server level?