Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Generate search template as anonymous user. #2672

Merged
merged 2 commits into from
Mar 25, 2022
Merged

Generate search template as anonymous user. #2672

merged 2 commits into from
Mar 25, 2022

Conversation

JakePT
Copy link
Contributor

@JakePT JakePT commented Mar 22, 2022

Description of the Change

As discussed on #2650, the query that generates the Elasticsearch search template for Instant Results runs in the context of the user being logged in as an admin. This means that the template generated will be for the query for an administrator, so things like excluding password protected posts will not be applied.

This change sets the current user as anonymous while generating the template to resolve this issue. It also includes a filter to allow developers to set a specific user for whom the template should be generated as.

Closes #2650

Alternate Designs

The original issue suggested using the determine_current_user filter to achieve this, by adding a filter that returns false for the current user during template generation. The problem with this is that it turns out that this filter does not actually run if the current user has already been set.

Possible Drawbacks

None that I can think of.

Verification Process

  1. Without this change applied, save the weighting settings to ensure the search template is saved to EP.io (or a custom proxy).
  2. Apply this change, save the weighting settings, and use Postman or similar to check the search template. On a bare bones install there should be no obvious change (4.0.0 included an alternative fix for password protected posts).
  3. Add a filter to pre_get_posts that applies a change to the query, but only for logged in users. Save the weighting settings and check the search template. This change should not be apparent in the template.
  4. Add add_filter( 'ep_search_template_user_id', 'get_current_user_id' );, save the weighting settings, and check the search template. The change should be apparent in the template.

Checklist:

  • I have read the CONTRIBUTING document.
  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my change.
  • All new and existing tests passed.

Changelog Entry

Fixed - An issue where Instant Results may return results intended for logged-in users only.

Credits

Props @JakePT

@JakePT JakePT requested a review from felipeelia March 22, 2022 07:11
@JakePT JakePT self-assigned this Mar 22, 2022
@JakePT JakePT added this to the 4.1.0 milestone Mar 22, 2022
@felipeelia felipeelia merged commit 0d3754c into develop Mar 25, 2022
@felipeelia felipeelia deleted the fix/2650 branch March 25, 2022 14:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@felipeelia felipeelia Awaiting requested review from felipeelia

Assignees

@JakePT JakePT

Labels
None yet
Projects
None yet
Milestone
4.1.0
Development

Successfully merging this pull request may close these issues.

Instant Results search template is generated as the current user
2 participants
@JakePT @felipeelia