Redact unauthorized data
Add a final step to the retrieval process to redact unauthorized results.
Look at how Elasticsearch does it for an example: https://gitlab.com/gitlab-org/gitlab/-/blob/master/app/services/search_service.rb#L62
This would require a user to be present so we would probably have a wrapper around ActiveContext.adapter.search(...) or pass user into it.
We would also need to define a condition for when a result should be visible to a user. Maybe every collection should define that.
Definition of done
-
When performing a search, a user can only see results they should be able to
Edited by Madelein van Niekerk