Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.Currently, when users search on their Panopoly site, it'll only look inside fields on the node. It won't search any content added to the node via Panelizer, ie. with the "Customize this page" button.
This is surprising behavior, since to many users they don't care what's on a field and what's in Panelizer - it's all part of the same "page".
Here is a patch to Panelizer that allows Search API to index this content:
#2416505: Allow indexing content from "Full page override" with Search API
Now, all we need to is change panopoly_search to use this and write some Behat tests for it. I'm already working on this and will post a patch soon-ish.
| Comment | File | Size | Author |
|---|---|---|---|
| #3 | panopoly_core-search-panelizer-2416505-3.patch | 600 bytes | dsnopek |
| #2 | panopoly_test-search-panelizer-2416525-2.patch | 2.59 KB | dsnopek |
| #2 | panopoly_search-search-panelizer-2416525-2.patch | 10.11 KB | dsnopek |
Comments
Comment #1
dsnopekOk, here are the functional patches (or at least the first iteration). I'm still working on the tests.
Comment #2
dsnopekHere is a patch to the tests to make sure this works! And some experimental changes to the panopoly_search patch to fix the update path which I had some trouble with on a test site.
Next I'm going run this on Travis-CI, which will further test the upgrade path...
EDIT: https://travis-ci.org/dsnopek/panopoly/builds/48806022
EDIT-2: Er, we actually want the upgrade tests: https://travis-ci.org/dsnopek/panopoly/builds/48806545
Comment #3
dsnopekBlergh! Drush make didn't like my panopoly_core patch. Here is a new version.
EDIT: Here's the new Travis link - https://travis-ci.org/dsnopek/panopoly/builds/48812650
Comment #4
cboyden CreditAttribution: cboyden commentedThis looks great. It's doing the right thing with fields of content items inserted as widgets: When those fields are displayed in the chosen view mode, they are indexed; if the field is not displayed, it's not.
Comment #5
dsnopekThanks for testing! Committed. :-)
Comment #8
sethmac CreditAttribution: sethmac commentedGreat work dsnopek. Quick question...can you explain this block further:
// Force the current user to anonymous to prevent access bypass in search
// indexes.
$original_user = $GLOBALS['user'];
$GLOBALS['user'] = drupal_anonymous_user();
Is the index populated based on the view of the user that triggers the index to be rebuilt? How does this affect a site that only has 'authenticated' users and content? I've been under the impression that the Node access filter handles many of the node_access issues but realize that may not be the case when dealing with a rendered page from panelizer.
Comment #9
dsnopekNo, that bit of code forces the index to be built with an anonymous users view of the node.
So, if there is any data specific to a the user viewing the content, it won't get included in the index. Which is a good thing! By the same token, if there is content that will be hidden entirely if the user is anonymous, it won't get included in the index, which could be either good or bad, depending on what it is. Unfortunately, I'm not sure if there is a good heuristic to make that determination, so we just err on the side of including less data for security purposes.
It probably does provide filtering, so you won't be given results that you can't view at all. However, if there is a single Pane on the page you shouldn't have access to, then that needs to get excluded from the index too. Unfortunately, there is only a single blob of text in the index per-node, so it's the same no matter who is searching. That's why you want to make sure that no confidential data gets in there.
I hope that makes sense!