Project

Profile

Help

Refactor #94

Implement Generic SearchAPI View

Added by bmbouter almost 7 years ago. Updated over 2 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
High
Assignee:
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
2.7.0
Groomed:
Yes
Sprint Candidate:
Yes
Tags:
Pulp 2
Sprint:
March 2015
Quarter:

Description

This is related to the Django conversion work. There are many URLs in the Pulp webservices area that use the Pulp Search API [0]. The port to Django will need to provide 100% compatibility with the existing SearchAPI. To de-duplicate the ported codebase as much as possible, a generic SearchAPIView parent object should be introduced that can be subclassed by all Django views requiring SearchAPI functionality.

Requirements

1. Facilitate all GET style SearchAPI functionality.
2. Facilitate all POST style SearchAPI functionality.
3. Be safe and never allow the execution of generic client side code.
4. Work with PulpCollection derived collections. These are collections that have not yet been ported to mongoengine. In this case the collection name is provided by the subclassed object.
5. Work with mongoengine derived collections. In this case the mongoengine object should be provided by the subclassed object.
6. Provide a documented (via docblocks) interface that a subclassed object can use to identify the PulpCollection or mongoengine object. I think having a single class variable as the interface that is a string if it is a non-mongoengine collection, or a subclass of a MongoEngine Document can also be set. Depending on what type of an object it is, the SearchAPI should either work through MongoEngine or directly with the collection.
7. Needs to include full tests for all codepaths introduced.

Todos

1. Introduce the SearchAPI view with tests that meets all requirements
2. Provide an example of one or two subclass uses for actual Django search URLs.

This story has security implications to ensure that the user cannot pass arbitrary javascript. If they could they could perform an attack against mongodb similar to a SQL injection attack. The mongodb FAQ includes a section on how to guard against these types of attacks and the implementation needs to adhere to that.

Also the implementation for this refactor should be double reviewed due to the security needs described above.

[0]: https://pulp-dev-guide.readthedocs.org/en/latest/conventions/criteria.html#search-api

Associated revisions

Revision 5e27b236 View on GitHub
Added by rbarlow over 6 years ago

Add a SearchView and convert TaskSearch and UserSearch to use it.

https://pulp.plan.io/issues/94

closes #94

Revision 5e27b236 View on GitHub
Added by rbarlow over 6 years ago

Add a SearchView and convert TaskSearch and UserSearch to use it.

https://pulp.plan.io/issues/94

closes #94

Revision a84c3571 View on GitHub
Added by rbarlow over 6 years ago

Remove the webpy controllers for users and tasks.

https://pulp.plan.io/issues/94

re #94

Revision a84c3571 View on GitHub
Added by rbarlow over 6 years ago

Remove the webpy controllers for users and tasks.

https://pulp.plan.io/issues/94

re #94

History

#1 Updated by mhrivnak almost 7 years ago

  • Priority changed from Normal to High

#2 Updated by cduryee almost 7 years ago

  • Sprint/Milestone set to 9

#3 Updated by rbarlow almost 7 years ago

  • Tracker changed from Task to Refactor

#4 Updated by mhrivnak almost 7 years ago

  • Sprint/Milestone deleted (9)

#5 Updated by rbarlow almost 7 years ago

  • Tags Sprint Candidate added

#6 Updated by mhrivnak almost 7 years ago

  • Sprint/Milestone set to 12

#7 Updated by rbarlow almost 7 years ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to rbarlow
  • Start date changed from 01/06/2015 to 02/19/2015
  • Platform Release set to master
  • Tags deleted (Sprint Candidate)

#8 Updated by rbarlow almost 7 years ago

  • % Done changed from 0 to 40

I've finally made some decent progress on this. The TaskSearch has been converted, and it seems to work well. I started working on the repository search API next (which is the PulpCollection type) and it's not nearly so simple as Tasks were. I've got some ideas though, so I think I can get this done in a few more days.

#9 Updated by rbarlow over 6 years ago

  • Tags Sprint Candidate added

#10 Updated by bmbouter over 6 years ago

  • Description updated (diff)

#11 Updated by bmbouter over 6 years ago

  • Tags Groomed added
  • Tags deleted (Sprint Candidate)

#12 Updated by bmbouter over 6 years ago

  • Tags Sprint Candidate added

#13 Updated by bmbouter over 6 years ago

  • Parent task set to #765

This is a test change. I will undo it after I see the affect on the parent task % complete field.

#14 Updated by bmbouter over 6 years ago

  • Parent task deleted (#765)

#15 Updated by rbarlow over 6 years ago

  • Status changed from ASSIGNED to POST

#16 Updated by rbarlow over 6 years ago

  • Sprint/Milestone changed from 12 to 14

#17 Updated by rbarlow over 6 years ago

  • Status changed from POST to MODIFIED
  • % Done changed from 40 to 100

#18 Updated by rbarlow over 6 years ago

  • Platform Release changed from master to 2.7.0

#19 Updated by bmbouter over 6 years ago

  • Groomed set to Yes
  • Tags deleted (Groomed)

#20 Updated by bmbouter over 6 years ago

  • Sprint Candidate set to Yes
  • Tags deleted (Sprint Candidate)

#21 Updated by dkliban@redhat.com over 6 years ago

  • Status changed from MODIFIED to 5

#22 Updated by rbarlow about 6 years ago

  • Status changed from 5 to CLOSED - CURRENTRELEASE

#23 Updated by bmbouter over 3 years ago

  • Sprint set to March 2015

#24 Updated by bmbouter over 3 years ago

  • Sprint/Milestone deleted (14)

#25 Updated by bmbouter over 2 years ago

  • Tags Pulp 2 added

Please register to edit this issue

Also available in: Atom PDF