...
Note |
---|
If you intend to include the indexes related to an entity in the filtering you will be limited to only filter parameters the that perform an equals comparison, that is you will not be able to filter on a range so you can not use the silder or multislider parameters types when defining the user attributes, or utilise multiple fields that are combined to filter on a range. This is because the filtering is performed by the underlying indexing engine which does not support range based queries. |
...
Name | Type | Required | Description |
value | string | yes | Value to be used in the filter |
label | string | yes | Text to be displayed to the user to represent this filter |
checked | string | no | Should this check box be initially checked. Only for list within multicheck field |
Data Security
To ensure that data is not accidentally exposed because of an incorrectly configured filter if the value for a user property is missing then filtering will convert the generated filter into one that returns no results rather than just removing the filter and returning all results, e.g. a filter like where client_id = ${user.dynamic.client_id}
will be replaced with something like where 1 = 0
if there is no dynamic value for the client_id.
Normally you would resolve this by providing a suitable default value for the client_id, e.g. where client_id = ${user.dynamic.client_id|9999999}
, which would result in the same outcome in this example, but make it explicit what is happening and shows that the issue has been looked at. Alternatively, you can set a property that changes the handling of the filtering to remove the filter if the value is missing.
The property to set is weave.ignoreonsubstitutionerror
and if it is set to true
then the handling of missing values will be treated differently and will result in the filter being excluded and all results (subject to any other filtering) will be returned rather than no results. The value can be set as a system property or just adding the following to a config xml file:
Code Block | ||
---|---|---|
| ||
<?set weave.ignoreonsubstitutionerror=true?> |