search

kuzzleio / kuzzle

Open-source Back-end, self-hostable & ready to use - Real-time, storage, advanced search - Web, Apps, Mobile, IoT -
https://kuzzle.io
Apache License 2.0
1.44k stars 124 forks source link

As an end user, I'd like to send complete ES queries to the searchProfiles and searchRoles methods #1689

Closed berthieresteban closed 1 year ago

berthieresteban commented 4 years ago

Send complete search queries instead of using a smaller subset of what ES can do

Related to https://github.com/kuzzleio/kuzzle/issues/1688 https://github.com/kuzzleio/kuzzle/issues/1689

berthieresteban commented 3 years ago

it should be done at the same time as #1685

Aschen commented 3 years ago

it should be done at the same time as #1685

Why? The feature you linked is meant for Kuzzle v3 but this feature can be implemented in v2

berthieresteban commented 3 years ago

It was a conclusion after discussion with @scottinet Wait for the split of the security controller to resolve this issue instead of add an optionnal parameter or have a breaking change I think the real problem here is to know if #1685 should be in kuzzle v2 (next to security) or v3 We should probably set up a workshop to talk about this

Aschen commented 3 years ago

https://docs.kuzzle.io/core/2/api/controllers/security/search-profiles/

We could just allows to pass a query property in the body instead of the actual roles property.

https://docs.kuzzle.io/core/2/api/controllers/security/search-roles

Same here, either controllers or query can be passed in the body.

I don't think we need to wait Kuzzle v3, what do you think?

scottinet commented 3 years ago

I never said we should wait for kuzzle v3.

What I proposed, without checking the actual documentation, is that I wasn't fond of adding an optional parameter to change the behavior, because that meant introducing a breaking change in the next major version of Kuzzle when we would change the default behavior in favor of the new one. I then said that I would prefer to add a new controller for each one of the objects handled by the ginormous security controller (role, profile, user, api key, ...), which will live alongside the old one, and that we could deprecate it. And while we are at it, we could then dust off our security API a bit, and use proper search queries in the new profile:search and role:search actions.

I only mentioned future major versions when I talked about removing the old security controller.

That said, I didn't check the docs, and we could indeed add search queries to the old actions, since this can be done without having to ask clients to control the action behavior with an optional parameter.

I still think that splitting the security controller and having a cleaner API is the optimal solution, though.