lucene query filter not working

Question

I am using this filter hook in my Auth0 Delegated Administration Extension.

function(ctx, callback) {
  // Get the company from the current user's metadata.
  var company = ctx.request.user.app_metadata && ctx.request.user.app_metadata.company;
  if (!company || !company.length) {
    return callback(new Error('The current user is not part of any company.'));
  }

  // The GREEN company can see all users.
  if (company === 'GREEN') {
    return callback();
  }
  // Return the lucene query.
  return callback(null, 'app_metadata.company:"' + company + '"');
}

When user logged in whose company is GREEN can see all users. But when user logged in whose company is RED can't see any users whose company is RED.

I need to make this when user logged in, user should only be able to access users within his company. (except users from GREEN company).

But above code is not giving expected result. What could be the issue?

Answer 1

I finally ended up with this solution.

Used search functionality to filter users. I had to change below two files.

fetchUsers function in client\actions\user.js

changed

export function fetchUsers(search = '', reset = false, page = 0)

to

export function fetchUsers(search = '@red.com', reset = false, page = 0)

AND

onReset function in client\containers\Users\Users.jsx

changed

onReset = () => { this.props.fetchUsers('', true); }

to

onReset = () => { this.props.fetchUsers('@red.com', true); }

Answer 2

This might be related to a little warning note on the User Search documentation page

Basically they don't let you search for properties in the app_metadata field anymore. Unfortunately, this change was breaking and unannounced.

We had to make changes to our API so that we keep a copy of the app_metadatas in a separate database and convert lucene syntax to MongoDB queries, so that we can query by a chain of user_id:"<>" OR user_id:"<>" OR ....

One caveat though, you can't pass a query that's longer than 72 user_ids long. This number is so far undocumented and obtained empirically.

Also, you can't rely on Auth0's hooks to add new users to your database, as these don't fire for social logins, only for Username-Password-Authentication connections.

I hope this gave you some explanation as for why it wasn't working as well as a possible solution.
If I were you, I would look for an alternative for Auth0, which is what we are currently doing.