ANW-261 Prevent Public Search Queries Matching on Unpublished Data #3006
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Addresses the problem of searchable non-published data by adding alternate fields
notes_published
andfullrecord_published
to the solr schema. Adds logic to the backend so that search requests coming from the public user are marked:protect_published
, which results in aSolr::Query
instance producing a url with the alternate fields. Unfortunately, it gets a bit messy due to 1) the waykeyword
type searches are handled (see #2824). Since they are not prefixed in the query string, the_published
suffix needs to be added to theqf
parameter (which is ignored for search clauses with prefixed fields); 2) the way theSolr::Query
object is instantiated after theadvanced_query
json object is parsed into a solr query string. Perhaps that parsing could be delayed until the entire query is exported to a url? Then the:protect_published
option wouldn't need to be passed around so much.Regarding 1) - perhaps PR 2824 was a bad idea. Could the same results be achieved by reverting
keyword
to map tofullrecord
and using boost queries rather thanqf
to ensure results with identifier and title matches are at the top of the results list? Would also require some rework of theAdvancedSearch
field mapping definitions to affectbq
param inSolr::Query
.Note on Indexer Tests: I reworked the way the factories and JSONModel client get set up in the spec helper - maybe this could simplify the setup in other test workflows. The indexer tests run without any supporting backend thanks to the VCR gem. The workflow for a developer editing the tests (unless they don't need to change the existing fixtures) would be something like:
This workflow should also work fine with the docker test setup in
build.xml
.