Skip to content

feat(solr): default node source search to exclude embargoed content and added facets support#455

Merged
ambroisemaupate merged 6 commits into
hotfix/v2.7.31from
454-fix-solr-published-at
Jul 1, 2026
Merged

feat(solr): default node source search to exclude embargoed content and added facets support#455
ambroisemaupate merged 6 commits into
hotfix/v2.7.31from
454-fix-solr-published-at

Conversation

@ambroisemaupate

@ambroisemaupate ambroisemaupate commented Jul 1, 2026

Copy link
Copy Markdown
Member

NodeSourceSearchHandler::argFqProcess() hardcoded the default status filter to PUBLISHED but had no equivalent default for publishedAt, unlike NodesSourcesRepository::alterQueryBuilderWithAuthorizationChecker on the ORM side. Downstream overrides of
NodesSourcesSearchController::getCriteria(), or any code calling the search handler directly, could drop the publishedAt filter and expose embargoed content.

  • Default branch (no explicit status override) now also applies published_at_dt:[* TO NOW/MIN] unless the caller already supplied its own publishedAt filter. Explicit backend/admin status overrides are unaffected.
  • NodesSourcesSearchController now relies on that default instead of computing an exact PHP timestamp per request, which was defeating Solr's filter cache on every request.
  • Add regression tests and wire lib/RoadizSolrBundle/tests into the root PHPUnit suite.
  • Add FacetedSearchResultsInterface and solr facets support
  • Index new facet_tags_slugs_ss and facet_tags_ss to only use visible tags in facets
  • Add default NodeSourceSearchFacetSubscriber for node_type, document_type, tags_slugs and tags_names

Refs #454

NodeSourceSearchHandler::argFqProcess() hardcoded the default status
filter to PUBLISHED but had no equivalent default for publishedAt,
unlike NodesSourcesRepository::alterQueryBuilderWithAuthorizationChecker
on the ORM side. Downstream overrides of
NodesSourcesSearchController::getCriteria(), or any code calling the
search handler directly, could drop the publishedAt filter and expose
embargoed content.

- Default branch (no explicit status override) now also applies
  published_at_dt:[* TO NOW/MIN] unless the caller already supplied
  its own publishedAt filter. Explicit backend/admin status overrides
  are unaffected.
- NodesSourcesSearchController now relies on that default instead of
  computing an exact PHP timestamp per request, which was defeating
  Solr's filter cache on every request.
- Add regression tests and wire lib/RoadizSolrBundle/tests into the
  root PHPUnit suite.

Refs #454

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
@ambroisemaupate ambroisemaupate self-assigned this Jul 1, 2026
- index new `facet_tags_slugs_ss` and `facet_tags_ss` to only use visible tags in facets
- add default NodeSourceSearchFacetSubscriber for `node_type`, `document_type`, `tags_slugs` and `tags_names`
@ambroisemaupate ambroisemaupate changed the title fix(solr): default node source search to exclude embargoed content feat(solr): default node source search to exclude embargoed content and minimal facets support Jul 1, 2026
@ambroisemaupate ambroisemaupate changed the base branch from main to hotfix/v2.7.31 July 1, 2026 04:16
@ambroisemaupate ambroisemaupate marked this pull request as ready for review July 1, 2026 04:16
Comment thread bruno/Roadiz development app/NodesSources/Search NodesSources resources.bru Outdated
@eliot488995568 eliot488995568 marked this pull request as draft July 1, 2026 08:16
@ambroisemaupate ambroisemaupate changed the base branch from hotfix/v2.7.31 to main July 1, 2026 09:47
- Move search operation to a virtual, read-only SearchResultItem resource
  at /api/search (skolem IRIs) in config/api_resources/search.yml
- Add tag_name and node_type request filters via NodeSourceSearchQueryEvent
  subscribers, matching the facet fields
- Rename facet local_key to tag_name for consistency
- Allow previewers to see draft/pending/published content in search; default
  stays published-only
- Harden argFqProcess in both search handlers by escaping free-string filter
  query values with Solarium escapePhrase (defense-in-depth)
- Update docs and Bruno collection for the new endpoint and behavior

Refs #454

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@ambroisemaupate ambroisemaupate marked this pull request as ready for review July 1, 2026 12:40
@ambroisemaupate ambroisemaupate changed the title feat(solr): default node source search to exclude embargoed content and minimal facets support feat(solr): default node source search to exclude embargoed content and added facets support Jul 1, 2026
@ambroisemaupate ambroisemaupate changed the base branch from main to hotfix/v2.7.31 July 1, 2026 12:45
@ambroisemaupate ambroisemaupate merged commit 3253c24 into hotfix/v2.7.31 Jul 1, 2026
4 checks passed
@ambroisemaupate ambroisemaupate deleted the 454-fix-solr-published-at branch July 1, 2026 12:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants