services: add id to query parser #114

jrcastro2 · 2023-10-04T13:45:27Z

closes https://github.com/zenodo/rdm-project/issues/262

kpsherva · 2023-10-05T08:32:29Z

invenio_users_resources/services/users/config.py

@@ -47,7 +47,7 @@ class UserSearchOptions(SearchOptions, SearchOptionsMixin):
    query_parser_cls = QueryParser.factory(
        tree_transformer_cls=SearchFieldTransformer,
        fields=["username^2", "email^2", "profile.full_name^3", "profile.affiliations"],
-        allow_list=["username", "email"],  # mapped fields are added on the query parser
+        allow_list=["username", "email", "id"],  # mapped fields are added on the query parser


I have some doubts if we should allow to search by ID, I think it enables it for everyone, not only admins

I tested and it's independent of the visibility set in the profile, if visibility is set to hidden, then no one can find users by id. If is set to Public, users can be found by email, username and now ID as well

jrcastro2 · 2023-10-06T08:40:12Z

After discussion we decided to not expose the ID as anyone could query the DB since the ID is a incremental integer.

services: add id to query parser

59a95a8

* closes zenodo/rdm-project#262

kpsherva reviewed Oct 5, 2023

View reviewed changes

jrcastro2 closed this Oct 6, 2023

zzacharo mentioned this pull request Oct 18, 2023

search: added id in search and sort #118

Closed

10 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

services: add id to query parser #114

services: add id to query parser #114

jrcastro2 commented Oct 4, 2023

kpsherva Oct 5, 2023

jrcastro2 Oct 5, 2023

jrcastro2 commented Oct 6, 2023

services: add id to query parser #114

services: add id to query parser #114

Conversation

jrcastro2 commented Oct 4, 2023

kpsherva Oct 5, 2023

Choose a reason for hiding this comment

jrcastro2 Oct 5, 2023

Choose a reason for hiding this comment

jrcastro2 commented Oct 6, 2023