-
Sub-task
-
Resolution: Fixed
-
Minor
-
3.2
-
MOODLE_32_STABLE
-
MOODLE_32_STABLE
-
MDL-54794_master -
This issue is about adding users to global search, pinging devang2511 as this is part of his GSOC proposal. Feel free to assign the issue to you or let me know if you don't have permissions to do it, I can do it for you.
Moodle managers can brower and filter users using admin/user.php, any moodle user can search for other users as well using the messaging system or just pointing to its profile URL (user/profile.php?id=XXX) although it may depend on some factors, which I explain below. We want moodle users to search for users through the global search box, once on their profile page (the search result could point to the user's profile) users have links to whatever action they want to perform and we don't need to worry about it.
Some tips about this implementation.
Indexed data (https://docs.moodle.org/dev/Search_API#Index_data)
- Only data visible in the user's profile page should be indexed, we should not index user data that can only be visible for some users (idnumber field may be an example, should be checked) because search queries will be applied to all user indexed data and we can not filter out these results later.
- To know which users should be indexed we can look at what users are available through user/profile.php. Consider unconfirmed users (confirmed field) suspended users, users without email... as a general rule, whatever is available through user/profile.php should be available through global search.
Access control (https://docs.moodle.org/dev/Search_API#Access_control)
- Although it depends on some settings, by default, non-guest users will be able to use this search area so it should work at CONTEXT_SYSTEM (https://docs.moodle.org/dev/Search_API#Automatic_context-based_filtering)
- user/profile.php can be again the base to look at, we should not only look at the required capabilities but also at site-wide settings ($CFG) like forceloginforprofiles. Take into account that, by default, global search is available for all the site users (depending on $CFG->forcelogin - see search/index.php) Part of this issue's tasks is to investigate this.
- We are not interested in duplicating logic, if we notice that there is a significant amount of code duplicated between user/profile.php and check_access function or even user/externallib.php web services function (get_users) we should discuss it and see if it is worth adding a new function to user/lib.php
Unit tests to check that the data is indexed are pretty trivial, you can pick one of the existing tests as a base, but access control unit tests change significantly between search areas, as what we are interested in testing depends on the search area check_access contents. Unit tests should be included as part of this issue.