Open gibrown opened 4 years ago
One workaround for sites with gated/member/restricted content is to intercept the content before Syncing it. This could potentially break other features, but is an OK workaround for Search.
// add_filter( 'jetpack_sync_before_send_jetpack_sync_save_post', array( $this, 'modify_jetpack_sync_post' ), 20, 1 );
/**
* Modify post data before it's synced to Jetpack to not show protected content.
*
* @param array $args The arguments passed to the jetpack_sync_save_post action.
*
* @return array Modified arguments
*/
public function modify_jetpack_sync_post( $args ) {
list( $post_id, $post, $update, $previous_state ) = $args;
$restricted_post_types = Option::get_restricted_post_types();
$has_restricted_content = has_block( 'passport/restricted-content', $post->post_content );
if ( ! $has_restricted_content && ! in_array( $post->post_type, $restricted_post_types, true ) ) {
return array( $post_id, $post, $update, $previous_state );
}
$passport_public = get_post_meta( $post->ID, 'passport_public', true );
$public_access = 'public' === $passport_public;
// Check if the article is public
if ( empty( $passport_public ) || $public_access ) {
// Remove Restricted Content blocks
if ( $has_restricted_content ) {
$post->post_content = $this->remove_restricted_content_blocks( $post->post_content );
}
return array( $post_id, $post, $update, $previous_state );
}
$post->post_content = __( 'Your search matches member-only content from this post.', 'passport' );
$post_excerpt = get_the_excerpt( $post_id );
if ( ! empty( $post_excerpt ) ) {
$post->post_content = $post_excerpt;
}
return array( $post_id, $post, $update, $previous_state );
}
https://github.com/Automattic/jetpack/pull/39053 also has a workaround that switches the UI from displaying the post content to only displaying the excerpt from the posts. This has the downside of losing highlighting of the results though.
Membership sites are some combination of public and private content that need to allow end users to search both logged in and not. Currently we don't have a consistent way to differentiate that content, and we don't have a way to correctly authorize access to the search. It is very easy to leak data.
For private sites we are proxying through the main site. Maybe all membership sites need to proxy and then we add the filters as we proxy the request? So we treat the site as fully private for search, but allow authenticated searches. This reduces the speed of the API, but maybe the tradeoff is worth it.