feat(solr): default node source search to exclude embargoed content and added facets support #455
Merged
NodeSourceSearchHandler::argFqProcess() hardcoded the default status filter to PUBLISHED but had no equivalent default for publishedAt, unlike NodesSourcesRepository::alterQueryBuilderWithAuthorizationChecker on the ORM side. Downstream overrides of NodesSourcesSearchController::getCriteria(), or any code calling the search handler directly, could drop the publishedAt filter and expose embargoed content.

- Default branch (no explicit status override) now also applies published_at_dt:[* TO NOW/MIN] unless the caller already supplied its own publishedAt filter. Explicit backend/admin status overrides are unaffected.
- NodesSourcesSearchController now relies on that default instead of computing an exact PHP timestamp per request, which was defeating Solr's filter cache on every request.
- Add regression tests and wire lib/RoadizSolrBundle/tests into the root PHPUnit suite.

Refs #454

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>

- index new `facet_tags_slugs_ss` and `facet_tags_ss` to only use visible tags in facets
- add default NodeSourceSearchFacetSubscriber for `node_type`, `document_type`, `tags_slugs` and `tags_names`

- Move search operation to a virtual, read-only SearchResultItem resource at /api/search (skolem IRIs) in config/api_resources/search.yml
- Add tag_name and node_type request filters via NodeSourceSearchQueryEvent subscribers, matching the facet fields
- Rename facet local_key to tag_name for consistency
- Allow previewers to see draft/pending/published content in search; default stays published-only
- Harden argFqProcess in both search handlers by escaping free-string filter query values with Solarium escapePhrase (defense-in-depth)
- Update docs and Bruno collection for the new endpoint and behavior

Refs #454

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

NodeSourceSearchHandler::argFqProcess() hardcoded the default status filter to PUBLISHED but had no equivalent default for publishedAt, unlike NodesSourcesRepository::alterQueryBuilderWithAuthorizationChecker on the ORM side. Downstream overrides of
NodesSourcesSearchController::getCriteria(), or any code calling the search handler directly, could drop the publishedAt filter and expose embargoed content.

- `FacetedSearchResultsInterface` and solr facets support
- `facet_tags_slugs_ss` and `facet_tags_ss` to only use visible tags in facets
- `node_type`, `document_type`, `tags_slugs` and `tags_names`

Refs #454
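
The fail-closed default and the phrase escaping described in the commit messages above, as an added PHP example that is not code from this pull request or from Roadiz. The function names, the criteria array shape, the `status` and `node_type_s` field names and the mapping of `tag_name` to `facet_tags_ss` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not Roadiz code. Function names, the criteria array shape
// and the fields "status" and "node_type_s" are assumptions; published_at_dt,
// [* TO NOW/MIN] and facet_tags_ss are the names quoted on this page.

/** Quote a free string as one Solr phrase, escaping " and \ (what Solarium's escapePhrase does). */
function escapePhrase(string $value): string
{
    return '"' . preg_replace('/("|\\\\)/', '\\\\$1', $value) . '"';
}

/** @param array<string, string> $criteria  @return list<string> Solr fq clauses */
function buildFilterQueries(array $criteria): array
{
    $fq = [];
    if (isset($criteria['status'])) {
        // Explicit backend/admin override: no embargo default is added.
        $fq[] = 'status:' . escapePhrase($criteria['status']);
    } else {
        $fq[] = 'status:PUBLISHED';
        if (!isset($criteria['publishedAt'])) {
            // Solr rounds NOW/MIN to the minute, so requests in the same minute
            // share one filter-cache entry instead of one per PHP timestamp.
            $fq[] = 'published_at_dt:[* TO NOW/MIN]';
        }
    }
    if (isset($criteria['publishedAt'])) {
        // Caller-supplied range: accept only "[a TO b]" built from date-math characters.
        if (1 !== preg_match('/^\[[\w:.+\/*-]+ TO [\w:.+\/*-]+\]\z/', $criteria['publishedAt'])) {
            throw new InvalidArgumentException('publishedAt must be a Solr range');
        }
        $fq[] = 'published_at_dt:' . $criteria['publishedAt'];
    }
    // Free-string request filters are always emitted as escaped phrases.
    foreach (['tag_name' => 'facet_tags_ss', 'node_type' => 'node_type_s'] as $key => $field) {
        if (isset($criteria[$key])) {
            $fq[] = $field . ':' . escapePhrase($criteria[$key]);
        }
    }
    return $fq;
}

// Constructed sample input: a public request whose tag value contains quotes.
print_r(buildFilterQueries(['tag_name' => 'breaking "news"']));
// Constructed sample input: a backend call that sets its own status.
print_r(buildFilterQueries(['status' => 'DRAFT', 'node_type' => 'Page']));
```

A regression test for this behaviour would assert that the embargo clause is present whenever neither `status` nor `publishedAt` is passed, since that is the path a downstream override silently takes.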