Review of endpoint to return all resources

[tdipisa]

Review of the /extjs/search/list endpoint, in particular the filters support and properties returned in response payload:

• Add missing order/sort parameter with ascending/descending option and make it supported for all available resource attributes such as: name, description, owner, modification/creation date
• Add missing support for filtering resources by:
  • creator (the owner of the resource)
  • editor (the last user who modified the resource that is used for indicating the modified by on the front-end)
• Add missing support for filtering resources by group (independently if a group has W or R permission). For example, giving one or more group names, GeoStore returns all resources having those groups in their security rules
• The resource does not contain permissions information: canCopy, canDelete, canEdit. This information should be included in the response
• Filtering by Creation date and Last update is not working correctly with filters GREATER_THAN_OR_EQUAL_TO and LESS_THAN_OR_EQUAL_TO e.g.:

<AND>
  <FIELD>
    <field>CREATION</field>
    <operator>GREATER_THAN_OR_EQUAL_TO</operator>
    <value>2024-06-01T00:00:00</value>
  </FIELD>
  <FIELD>
    <field>CREATION</field>
    <operator>LESS_THAN_OR_EQUAL_TO</operator>
    <value>2024-07-27T23:59:59</value>
  </FIELD>
</AND>

Note: for all the above points it is not requested to change the filtering strategies currently adopted.

[axl8713]

Is /extjs/search/list endpoint ever being called with GET?

[afabiani]

Is /extjs/search/list endpoint ever being called with GET?

I guess it should be possible, yes. Whate the current API states?

[tdipisa]

Is /extjs/search/list endpoint ever being called with GET?

@axl8713 this REST endpoint is called by MS by using POST method because an XML payload is usually requested for filtering purposes. Sample of requests currently performed by the MS home page is:

curl 'https://mapstore.geosolutionsgroup.com/mapstore/rest/geostore/extjs/search/list?includeAttributes=true&start=0&limit=4' \
  -H 'Accept: application/json' \
  -H 'Accept-Language: en,it;q=0.9,fr-FR;q=0.8,fr;q=0.7,en-US;q=0.6' \
  -H 'Authorization: Bearer ed961bbc-7910-4e35-afad-e6f463bbd471' \
  -H 'Connection: keep-alive' \
  -H 'Content-Type: application/xml' \
  -H 'Cookie: _hp2_props.2826793817=%7B%22account_state%22%3A%22active%22%2C%22account_plan%22%3A%22Enterprise%2021%22%2C%22billing_cycle%22%3A1%7D; _hp2_id.2826793817=%7B%22userId%22%3A%225278402490197862%22%2C%22pageviewId%22%3A%228751896907823970%22%2C%22sessionId%22%3A%228332271454944404%22%2C%22identity%22%3A%22201003634192%22%2C%22trackerVersion%22%3A%224.0%22%2C%22identityField%22%3Anull%2C%22isIdentified%22%3A1%7D' \
  -H 'Origin: https://mapstore.geosolutionsgroup.com' \
  -H 'Referer: https://mapstore.geosolutionsgroup.com/mapstore/' \
  -H 'Sec-Fetch-Dest: empty' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'Sec-Fetch-Site: same-origin' \
  -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36' \
  -H 'sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "Windows"' \
  --data-raw $'<?xml version="1.0" encoding="UTF-8" standalone="yes"?>\n<AND>\n  <ATTRIBUTE>\n    <name>featured</name>\n    <operator>EQUAL_TO</operator>\n    <type>STRING</type>\n    <value>true</value>\n  </ATTRIBUTE>\n</AND>'

[axl8713]

Thanks @tdipisa!
So the endpoint here should be updated to POST, right? https://github.com/geosolutions-it/geostore/wiki/REST-API#extjs

@afabiani the reason for this is that GET method on /extjs/search/list clashes with /extjs/search/{nameLike}, since list would be picked as the name.

[tdipisa]

@axl8713
understood the homonym now. Thank you.

From a quick search, /extjs/search/{nameLike} doesn't seems to be used too much.

/extjs/search/list is the endpoint used in this case in POST. Between the two ones indeed, it is the only one from this service supporting the includeAttributes queryparam as indicated in the example above.

The APIs doc here doesn't seems to be well updated as it should be, definitely.

It would be good to simply fix the /extjs/search/{nameLike} path by using for example /extjs/search/resource/{nameLike}, leaving the other one untouched.

After doing this we will align the MS side as most probably some unit tests will fails due to this change.

[axl8713]

About this:

Filtering by Creation date and Last update is not working correctly with filters GREATER_THAN_OR_EQUAL_TO and LESS_THAN_OR_EQUAL_TO e.g.:

I see that the date provided in the filter has a format not recognized by GeoStore:

• Recognized format: yyyy-MM-dd HH:mm:ss.SSS
• Passed value: 2024-06-01T00:00:00

GeoStore requires dates to include the milliseconds part (.SSS) to be correctly parsed.

To address this issue, I plan to adjust the date parsing logic in GeoStore to support input dates without milliseconds. This change will ensure that formats like 2024-06-01T00:00:00 are properly handled without requiring .SSS.

[allyoucanmap]

@axl8713 after testing I found out the alphabetic sorting is case sensitive, so I get this results in UI:

• Is it possible to get the alphabetic order case insensitive?

[axl8713]

@allyoucanmap

• Is it possible to get the alphabetic order case insensitive?

Unfortunately, although the DAO framework supports case-insensitive ordering, the composed query makes the database crash:

Caused by: org.h2.jdbc.JdbcSQLException: Order by expression "LOWER(RESOURCE0_.DESCRIPTION)" must be in the result list in this case; SQL statement: