Add FAQ about Facet results shown for inaccessible content

This is a great question, we don't do any access control, and I don't think we should. But this is a great usecase that we should fix. Let's start by writing a test.

In theory this should just work, because we get the results form search api. I think that means this is a search api issue. However, I'm not sure. I'm hoping to see @drunken_monkey online soon. He might know more about this.

In theory this should just work, because we get the results form search api. I think that means this is a search api issue.

Solr doesn't have any native concept to do that. And it would be very complex to implement something like this. I think the easiest solution would be to simply configure the facet block correctly. It should be shown to "members" only.

In general, the Search API (any backend) will only return facet filter values that appear in the result set. (Except if the "Minimum count" is set to 0 – but that doesn't seem to be the cause here.)

It could just be a caching issue, I guess? Try clearing the whole cache (under Administration » Configuration » Development » Performance) and then right away viewing the search as an anonymous user (without visiting it as an admin/member in between). If the facets are correct (without "members only") then, it seems facet or block caching is interferring.

If that's not the problem, and unless something's going very wrong in the backend, it just seems like you haven't configured access control correctly for the search. Do you have the "Content access" processor enabled on the index? If not, enable it, re-index and then see whether the problem persists.
The search results probably seem correctly access-controlled because of the Views query plugin doing a manual extra "entity access" check on all results before viewing them. You can test that theory by temporarily disabling this in the view's "Query settings" ("Skip item access checks"). Also, if results are removed that way, paging will be incorrect (too few items per page, no results for the last pages, etc.) for anonymous users.

If the "Content access" processor is enabled but results still aren't properly access-checked (with "Skip item access checks" enabled), you might indeed need to write a custom processor to do the access checks for you. This should only happen if you're not using the default node access framework provided by Core, though.

I'm hoping to see @drunken_monkey online soon. He might know more about this.

Oh, sorry, since Chatzilla doesn't work anymore, I can't log in to IRC anymore. I guess I should register for Slack.

Solr doesn't have any native concept to do that. And it would be very complex to implement something like this. I think the easiest solution would be to simply configure the facet block correctly. It should be shown to "members" only.

As I understand it, the facets block should be shown to everyone, it's just that one facet value that shouldn't be. All other categories are open to anyone, so anonymous users should see that, too.

Removing needs tests and setting this to a support request.

Ok, that's great, let's add this as an FAQ item in the readme, so that the next person running into this doesn't have the same problem.

Committed and pushed, more docs is great, thanks!