Refactor #94
closedImplement Generic SearchAPI View
100%
Description
This is related to the Django conversion work. There are many URLs in the Pulp webservices area that use the Pulp Search API [0]. The port to Django will need to provide 100% compatibility with the existing SearchAPI. To de-duplicate the ported codebase as much as possible, a generic SearchAPIView parent object should be introduced that can be subclassed by all Django views requiring SearchAPI functionality.
Requirements¶
1. Facilitate all GET style SearchAPI functionality.
2. Facilitate all POST style SearchAPI functionality.
3. Be safe and never allow the execution of generic client side code.
4. Work with PulpCollection derived collections. These are collections that have not yet been ported to mongoengine. In this case the collection name is provided by the subclassed object.
5. Work with mongoengine derived collections. In this case the mongoengine object should be provided by the subclassed object.
6. Provide a documented (via docblocks) interface that a subclassed object can use to identify the PulpCollection or mongoengine object. I think having a single class variable as the interface that is a string if it is a non-mongoengine collection, or a subclass of a MongoEngine Document can also be set. Depending on what type of an object it is, the SearchAPI should either work through MongoEngine or directly with the collection.
7. Needs to include full tests for all codepaths introduced.
Todos¶
1. Introduce the SearchAPI view with tests that meets all requirements
2. Provide an example of one or two subclass uses for actual Django search URLs.
This story has security implications to ensure that the user cannot pass arbitrary javascript. If they could they could perform an attack against mongodb similar to a SQL injection attack. The mongodb FAQ includes a section on how to guard against these types of attacks and the implementation needs to adhere to that.
Also the implementation for this refactor should be double reviewed due to the security needs described above.
[0]: https://pulp-dev-guide.readthedocs.org/en/latest/conventions/criteria.html#search-api
Updated by rbarlow about 9 years ago
- Status changed from NEW to ASSIGNED
- Assignee set to rbarlow
- Start date changed from 01/06/2015 to 02/19/2015
- Platform Release set to master
- Tags deleted (
Sprint Candidate)
Updated by rbarlow about 9 years ago
- % Done changed from 0 to 40
I've finally made some decent progress on this. The TaskSearch has been converted, and it seems to work well. I started working on the repository search API next (which is the PulpCollection type) and it's not nearly so simple as Tasks were. I've got some ideas though, so I think I can get this done in a few more days.
Updated by bmbouter about 9 years ago
- Tags Groomed added
- Tags deleted (
Sprint Candidate)
Updated by bmbouter about 9 years ago
- Parent issue set to #765
This is a test change. I will undo it after I see the affect on the parent task % complete field.
Updated by rbarlow about 9 years ago
- Status changed from ASSIGNED to POST
Added by rbarlow about 9 years ago
Added by rbarlow about 9 years ago
Revision 5e27b236 | View on GitHub
Add a SearchView and convert TaskSearch and UserSearch to use it.
https://pulp.plan.io/issues/94
closes #94
Added by rbarlow about 9 years ago
Added by rbarlow about 9 years ago
Updated by rbarlow about 9 years ago
- Status changed from POST to MODIFIED
- % Done changed from 40 to 100
Applied in changeset pulp|5e27b2360a9e030e09e5b25d7701e4d2e8e4d7e7.
Updated by rbarlow about 9 years ago
- Platform Release changed from master to 2.7.0
Updated by bmbouter almost 9 years ago
- Groomed set to Yes
- Tags deleted (
Groomed)
Updated by bmbouter almost 9 years ago
- Sprint Candidate set to Yes
- Tags deleted (
Sprint Candidate)
Updated by dkliban@redhat.com almost 9 years ago
- Status changed from MODIFIED to 5
Updated by rbarlow over 8 years ago
- Status changed from 5 to CLOSED - CURRENTRELEASE
Add a SearchView and convert TaskSearch and UserSearch to use it.
https://pulp.plan.io/issues/94
closes #94