If the documents in a collection do not have any sub-documents but has a "tag" key used for security access to the document but its value is modeled as either a simple value or an array, is the use of $in adequate for determining access to the document?
The $redact operator seems to have its value when there are sub-documents.
Is this a correct assessment? Are there advantages over one or the other, especially when sub-documents are not being considered?
I think you will want $in. $redact is a function for aggregation, which, if you are only finding the document, will be a bit of overkill.
$in suffices for determining whether a document should be returned or not based on a tag field in the document:
db.secret_stuff.find({ "name" : "Most Excellent Cookie Recipe", "permissions" : { "$in" : ["master_chef", "chief_baker"] } })
The user's permissions are the argument to $in, in this case the array ["master_chef", "chief_baker"]. The cookie recipe will be found if its permissions array contains "master_chef" or "chief_baker", indicating these roles can access the document, and won't be returned otherwise.
The use case of $redact is to do field-level redaction of documents, hiding or showing certain fields in returned documents. It's considerably more complicated in its usage and capabilities. There's a detailed explanation of how it works in the article Implement Field Level Redaction from the MongoDB Manual.
댓글 없음:
댓글 쓰기