[#919710] Ensure only published makes are returned from general search, ...

lib/models/make.js

@@ -92,6 +92,8 @@ module.exports = function( environment, mongoInstance ) {
     published: {
       type: Boolean,
       "default": true,
+      es_type: "boolean",
+      es_indexed: true,
       es_index: "not_analyzed"
     },
     tags: {

lib/queryBuilder.js

@@ -136,147 +136,163 @@ module.exports = function( loginApi ) {
     }
   };
 
-  // capture valid query generator keys
-  GENERATOR_KEYS = Object.keys( generators );
-
-  return {
-    build: function( query, callback ) {
-      if ( !( query && query.constructor === Object ) || !( callback && typeof callback === "function" ) ) {
-        throw new Error( "Check your arguments." );
-      }
+  function buildQuery( query, customFilter, callback ) {
+    if ( !( query && query.constructor === Object ) || !( callback && typeof callback === "function" ) ) {
+      throw new Error( "Check your arguments." );
+    }
 
-      query.limit = +query.limit;
-      query.page = +query.page;
-
-      // baseQuery is the most basic query we can make.
-      // advancedQuery is used if we need to generate filters, and wraps around baseQuery.
-      var baseQuery = {
-            query: {
-              filtered: {
-                query: {
-                  match_all: {}
-                },
-                filter: {
-                  missing: {
-                    field: "deletedAt",
-                    null_value: true
-                  }
-                }
-              }
-            }
-          },
-          advancedQuery = {
-            query: {
-              filtered: {
-                filter: {
-                  bool: {
-                    must: [],
-                    should: []
-                  }
-                },
-                query: baseQuery.query
-              }
+    query.limit = +query.limit;
+    query.page = +query.page;
+
+    // baseQuery is the most basic query we can make.
+    // advancedQuery is used if we need to generate filters, and wraps around baseQuery.
+    var baseQuery = {
+          query: {
+            filtered: {
+              query: {
+                match_all: {}
+              },
+              filter: customFilter || {}
             }
-          },
-          searchQuery = {},
-          size = query.limit && isFinite( query.limit ) ? query.limit : DEFAULT_SEARCH_SIZE,
-          page = query.page && isFinite( query.page ) ? query.page : 1,
-          user = query.user,
-          sort = query.sortByField,
-          filterOccurence = query.or ? "should" : "must",
-          sortObj,
-          notRegexMatch;
-
-      // If the request contains any of the filter generating keys, or defines a user search, use the advancedQuery object
-      if ( Object.keys( query ).some( hasGeneratorKey ) || user ) {
-        searchQuery = advancedQuery;
-        Object.keys( query ).forEach(function( key ){
-          value = query[ key ];
-          if ( generators[ key ] ) {
-            notRegexMatch = NOT_REGEX.exec( value );
-            if ( notRegexMatch ) {
-              searchQuery.query.filtered.filter.bool[ filterOccurence ].push( generators[ key ]( notRegexMatch[ 1 ], true ) );
-            } else {
-              searchQuery.query.filtered.filter.bool[ filterOccurence ].push( generators[ key ]( value ) );
+          }
+        },
+        advancedQuery = {
+          query: {
+            filtered: {
+              filter: {
+                bool: {
+                  must: [],
+                  should: []
+                }
+              },
+              query: baseQuery.query
             }
           }
-        });
-      } else {
-        searchQuery = baseQuery;
-      }
+        },
+        searchQuery = {},
+        size = query.limit && isFinite( query.limit ) ? query.limit : DEFAULT_SEARCH_SIZE,
+        page = query.page && isFinite( query.page ) ? query.page : 1,
+        user = query.user,
+        sort = query.sortByField,
+        filterOccurence = query.or ? "should" : "must",
+        sortObj,
+        notRegexMatch;
+
+    // If the request contains any of the filter generating keys, or defines a user search, use the advancedQuery object
+    if ( Object.keys( query ).some( hasGeneratorKey ) || user ) {
+      searchQuery = advancedQuery;
+      Object.keys( query ).forEach(function( key ){
+        value = query[ key ];
+        if ( generators[ key ] ) {
+          notRegexMatch = NOT_REGEX.exec( value );
+          if ( notRegexMatch ) {
+            searchQuery.query.filtered.filter.bool[ filterOccurence ].push( generators[ key ]( notRegexMatch[ 1 ], true ) );
+          } else {
+            searchQuery.query.filtered.filter.bool[ filterOccurence ].push( generators[ key ]( value ) );
+          }
+        }
+      });
+    } else {
+      searchQuery = baseQuery;
+    }
 
-      // set size and from and sort
-      if ( size > MAX_SEARCH_SIZE ) {
-        size = MAX_SEARCH_SIZE;
-      } else if ( size < 1 ) {
-        size = 1;
-      }
-      searchQuery.size = size;
+    // set size and from and sort
+    if ( size > MAX_SEARCH_SIZE ) {
+      size = MAX_SEARCH_SIZE;
+    } else if ( size < 1 ) {
+      size = 1;
+    }
+    searchQuery.size = size;
 
-      if ( page < 1 ) {
-        page = 1;
-      }
-      searchQuery.from = ( page - 1 ) * size;
+    if ( page < 1 ) {
+      page = 1;
+    }
+    searchQuery.from = ( page - 1 ) * size;
 
-      if ( sort ) {
-        sort = ( Array.isArray( sort ) ? sort : [ sort ] ).filter(function( pair ) {
-          return typeof pair === "string" && pair.length && VALID_SORT_FIELDS.indexOf( pair.split( "," )[ 0 ] ) !== -1;
-        });
+    if ( sort ) {
+      sort = ( Array.isArray( sort ) ? sort : [ sort ] ).filter(function( pair ) {
+        return typeof pair === "string" && pair.length && VALID_SORT_FIELDS.indexOf( pair.split( "," )[ 0 ] ) !== -1;
+      });
 
-        if ( sort.length ) {
-          searchQuery.sort = [];
-          sort.forEach(function( pair ){
-            pair = pair.split( "," );
-            sortObj = {};
-            if ( pair[ 0 ] === "likes" ) {
-              sortObj._script = {
-                lang: "js",
-                order: pair[ 1 ],
-                script: "doc['likes.userId'].values.length",
-                type: "number"
-              };
-            } else {
-              sortObj[ pair[ 0 ] ] = pair[ 1 ] || "desc";
-            }
-            searchQuery.sort.push( sortObj );
-          });
-        }
+      if ( sort.length ) {
+        searchQuery.sort = [];
+        sort.forEach(function( pair ){
+          pair = pair.split( "," );
+          sortObj = {};
+          if ( pair[ 0 ] === "likes" ) {
+            sortObj._script = {
+              lang: "js",
+              order: pair[ 1 ],
+              script: "doc['likes.userId'].values.length",
+              type: "number"
+            };
+          } else {
+            sortObj[ pair[ 0 ] ] = pair[ 1 ] || "desc";
+          }
+          searchQuery.sort.push( sortObj );
+        });
       }
+    }
 
-      if ( user ) {
-        notRegexMatch = NOT_REGEX.exec( user );
-        if ( notRegexMatch ) {
-          user = notRegexMatch[ 1 ];
+    if ( user ) {
+      notRegexMatch = NOT_REGEX.exec( user );
+      if ( notRegexMatch ) {
+        user = notRegexMatch[ 1 ];
+      }
+      loginApi.getUser( user, function( err, userData ) {
+        if ( err ) {
+          callback({
+            error: err,
+            code: 500
+          });
+          return;
         }
-        loginApi.getUser( user, function( err, userData ) {
-          if ( err ) {
-            callback({
-              error: err,
-              code: 500
-            });
-            return;
-          }
 
-          if ( !userData ) {
-            if ( searchQuery.query.filtered.filter.bool.should.length ) {
-              // If this is an OR filtered query, ignore the undefined user
-              callback( null, searchQuery );
-            } else {
-              callback( { code: 404 } );
-            }
-            return;
+        if ( !userData ) {
+          if ( searchQuery.query.filtered.filter.bool.should.length ) {
+            // If this is an OR filtered query, ignore the undefined user
+            callback( null, searchQuery );
+          } else {
+            callback( { code: 404 } );
           }
+          return;
+        }
 
-          var filter = generateFilter( "term", {
-            email: userData.email
-          }, !!notRegexMatch );
+        var filter = generateFilter( "term", {
+          email: userData.email
+        }, !!notRegexMatch );
 
-          searchQuery.query.filtered.filter.bool[ filterOccurence ].push( filter );
-          callback( null, searchQuery );
-        });
-      } else {
+        searchQuery.query.filtered.filter.bool[ filterOccurence ].push( filter );
         callback( null, searchQuery );
-      }
+      });
+    } else {
+      callback( null, searchQuery );
+    }
+  }
+
+  // capture valid query generator keys
+  GENERATOR_KEYS = Object.keys( generators );
+
+  return {
+    build: function( query, callback ) {
+      buildQuery( query, {
+        and: [
+          {
+            missing: {
+              field: "deletedAt",
+              null_value: true
+            }
+          },
+          {
+            term: {
+              published: true
+            }
+          }
+        ]
+      }, callback );
+    },
+    authenticatedSearch: function( query, callback ) {
+      buildQuery( query, {}, callback );
     }
   };
 };

routes/index.js

@@ -11,6 +11,7 @@ module.exports = function routesCtor( makeModel, apiUserModel, env ) {
       res.render( "index.html" );
     },
     search: makeRoutes.search,
+    authenticatedSearch: makeRoutes.authenticatedSearch,
     create: makeRoutes.create,
     update: makeRoutes.update,
     remove: makeRoutes.remove,

routes/make.js

@@ -157,6 +157,25 @@ module.exports = function( makeModel, env ) {
         doSearch( req, res, dsl );
       });
     },
+    authenticatedSearch: function( req, res ) {
+
+      if ( !req.query ) {
+        return searchError( res, "Malformed Request", 400 );
+      }
+
+      queryBuilder.authenticatedSearch( req.query, function( err, dsl ) {
+        if ( err ) {
+          if ( err.code === 404 ) {
+            // No user was found, no makes to search.
+            metrics.increment( "make.search.success" );
+            return res.json( { makes: [], total: 0 } );
+          } else {
+            return searchError( res, err, err.code );
+          }
+        }
+        doSearch( req, res, dsl );
+      });
+    },
     searchTest: function( req, res ) {
       res.render( "search.html" );
     },

server.js

@@ -95,6 +95,7 @@ app.put( "/api/20130724/make/like/:id", middleware.hawkAuth, Mongo.isDbOnline, m
 app.put( "/api/20130724/make/unlike/:id", middleware.hawkAuth, Mongo.isDbOnline, middleware.getMake, middleware.unlike, routes.update );
 app.del( "/api/20130724/make/:id", middleware.hawkAuth, Mongo.isDbOnline, middleware.getMake, routes.remove );
 app.get( "/api/20130724/make/search", Mongo.isDbOnline, middleware.crossOrigin, routes.search );
+app.get( "/api/20130724/make/authenticatedSearch", middleware.hawkAuth, Mongo.isDbOnline, middleware.crossOrigin, routes.authenticatedSearch );
 
 // 20130724 Admin API routes
 app.put( "/admin/api/20130724/make/:id", csrfMiddleware, middleware.collabAuth, middleware.fieldFilter, Mongo.isDbOnline, middleware.getMake, routes.update );

test/queryBuilder/core.unit.js

@@ -7,10 +7,19 @@ module.exports = function( qb ){
               match_all: {}
             },
             filter: {
-              missing: {
-                field: "deletedAt",
-                null_value: true
-              }
+              and: [
+                {
+                  missing: {
+                    field: "deletedAt",
+                    null_value: true
+                  }
+                },
+                {
+                  term: {
+                    published: true
+                  }
+                }
+              ]
             } 
           }
         },
@@ -62,6 +71,8 @@ module.exports = function( qb ){
           assert.strictEqual( err, null );
         });
         it( "built query should match the defined base query", function() {
+console.log("query", query);
+console.log("baseQuery", baseQuery);
           assert.deepEqual( query, baseQuery );
         });
       });

test/queryBuilder/sort.unit.js

@@ -7,10 +7,19 @@ module.exports = function( qb ) {
               match_all: {}
             },
             filter: {
-              missing: {
-                field: "deletedAt",
-                null_value: true
-              }
+              and: [
+                {
+                  missing: {
+                    field: "deletedAt",
+                    null_value: true
+                  }
+                },
+                {
+                  term: {
+                    published: true
+                  }
+                }
+              ]
             } 
           }
         },