Midgard and content filtering

Gadgetopia has a post on how CMS's should provide an API for content filtering. Since Midgard is persistent storage API first, and CMS only second we obviously have nice APIs for doing exactly this.

In this case we're running a query and checking if a different user is allowed to see something, as specified by Gadgetopia:

Hey, CMS, I have this list of content IDs here… How did I get them? Yeah, well, that’s not that important right now…

Anyway, can you look at this and tell me which ones I can show Nathaniel Snerpis? Here, just take them all, and give me back the ones I can show him.

With Midgard you do this by fetching the objects first with Query Builder, and then checking their permissions via MidCOM auth service. When user is logged in, his ACLs are already automatically applied to the results so no checks are needed.

// In this example we have some pre-gathered list of GUIDs

// Instantiate a query builder
$qb = midcom_db_article::new_query_builder();
$qb->add_constraint('guid', 'IN', $guids_array);

// Get the articles
$articles = $qb->execute();

// We need Nathaniel Snerpis' GUID to perform the ACL check
$nathaniel = $_MIDCOM->auth->get_user_by_name('nathaniel');

// Loop through the articles and check permissions
foreach ($articles as $article)
    // Check if Nathaniel is allowed to see this
    if ($_MIDCOM->auth->can_do('midgard:read', $article, $nathaniel))
        // Show the article to Nathaniel

You can see here that we're using GUIDs, not IDs to refer to content. This is because GUIDs (compliant with the UUID spec) are replication-safe, and you can trust them to be the same on every system in your Midgard cluster.

Note: in this case the API example was in PHP. But with Midgard 9.03 you will be able to use the exact same APIs with Python and Mono.

Read more Midgard posts.