Back to Search Back to Search Results

Dynamic Content Filtering

In addition to global metadata filters, administrators can implement dynamic filtering based on a user's identity using Javascript.

The script will be given a user variable containing the identity of the authenticated user, if any. If there is no user, it will be null. The script should end with a return statement returning one of the following.

  • A string containing a search query for content access filtering. This query will be included in all content queries during the user's session. The user will only be able to see content that matches the given filter query.
  • false, in which case the user will be prevented from accessing the portal entirely.
  • null or undefined (or no return statement at all), which will result in no additional filtering being applied.
Important: Dynamic filtering does not apply to monolithic views of DITA map content. This means if there are cases where the topics within a DITA map will be visible to some users but not others, you should disable the Monolithic Map feature in your portal theme(s).

Interrogating the User's Properties

The identity provider may provide additional properties associated with the authenticated user. This script can access those properties to make decisions about what content the user can access using the following properties of the user object.

Map properties
The user properties pulled from the authentication service. For SAML-secured and OpenID-secured portals, this will contain whatever attributes were included in the authentication response message sent by the Identity Provider. For LDAP-secured portals, this will contain the properties listed in the LDAP connection configuration. NOTE: This collection allows for multi-valued properties, so values are arrays, not single values. Properties with single values will be lists of size 1.
boolean hasProperty( String name, String value)
Tests whether there exists a property with the given name containing the given value. If the value is not specified, this method tests whether the property exists.

The script also provides the following utility functions.

escape(str)
Escapes reserved characters in the given string so that it can be used inside a search string.
quote(str)
Like escape(), but additionally wraps the text in quotes.
print(str)
A degugging function that prints the given string to the execution log. See below for how to read the log output.

The provided script will be executed at the following times.

  • If the portal supports anonymous access, the script will be run when a user first accesses the portal, with a null value for user.
  • Immediately after a user authenticates with the portal, with the user populated with the username and properties provided by the identity provider.
  • If the portal supports anonymous access, the script will also be run after an authenticated user logs out, again with null for user.

Script Testing

Once the script is entered, it can be tested using the Test Script section of the page, which allows you to construct a user and their properties to run through your filter function.

  1. Specify whether or not an anonymous user will be used.
  2. Specify the username and properties for the dummy user, if desired.
    Note: User properties are multi-valued. The provided interface allows you to add multiple values for properties (smaller buttons), as well as adding and removing additional properties (larger buttons).
  3. Click the Test Script button.

The script will be executed on the server, and the results of the script will be printed below the form, including strings passed to the print() function.

The /pages/userInfo page in the default portal theme can also be used to view the script output for the currently-authenticated user in a live portal.

Related information:

PortalUser
Search Syntax
Parent topic: Portal Security Configuration